From e96e29315a06df8bbda7a54fc4320c8518015d9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frederik=20Jerl=C3=B8v?= Date: Tue, 6 Jan 2026 10:55:14 +0100 Subject: [PATCH] Add S3 action support with labels and improve action display - Add S3Action type with AWS S3 integration (role ARN, region, bucket, file output) - Implement CreateS3Action GraphQL mutation with NDJSON/CSV output formats - Add label support for all action types (Email, HumioRepo, OpsGenie, PagerDuty, S3, Slack, SlackPostMessage, UploadFile, VictorOps, Webhook) - Display labels in action show and list commands - Extract label extraction logic into reusable function - Remove deprecated IsStarred field from Alert type - Clean up legacy parser GraphQL mutations - Update GraphQL schema with latest action and alert definitions --- cmd/humioctl/actions.go | 28 + cmd/humioctl/actions_list.go | 11 +- cmd/humioctl/actions_show.go | 3 + cmd/humioctl/alerts_show.go | 1 - internal/api/actions.go | 145 + internal/api/alerts.go | 3 - .../api/humiographql/graphql/actions.graphql | 85 +- .../api/humiographql/graphql/alerts.graphql | 1 - .../api/humiographql/graphql/parsers.graphql | 53 - internal/api/humiographql/humiographql.go | 2231 +- .../api/humiographql/schema/_schema.graphql | 46824 ++++++++-------- internal/api/parsers.go | 102 - 12 files changed, 24719 insertions(+), 24768 deletions(-) diff --git a/cmd/humioctl/actions.go b/cmd/humioctl/actions.go index 21d73c2..55a95b2 100644 --- a/cmd/humioctl/actions.go +++ b/cmd/humioctl/actions.go @@ -15,9 +15,37 @@ package main import ( + "github.com/humio/cli/internal/api" "github.com/spf13/cobra" ) +// getActionLabels extracts labels from an action based on its type +func getActionLabels(action api.Action) []string { + switch action.Type { + case "EmailAction": + return action.EmailAction.Labels + case "HumioRepoAction": + return action.HumioRepoAction.Labels + case "OpsGenieAction": + return action.OpsGenieAction.Labels + case "PagerDutyAction": + return action.PagerDutyAction.Labels + case "SlackAction": + return action.SlackAction.Labels + case "SlackPostMessageAction": + return action.SlackPostMessageAction.Labels + case "VictorOpsAction": + return action.VictorOpsAction.Labels + case "UploadFileAction": + return action.UploadFileAction.Labels + case "WebhookAction": + return action.WebhookAction.Labels + case "S3Action": + return action.S3Action.Labels + } + return nil +} + func newActionsCmd() *cobra.Command { cmd := &cobra.Command{ Use: "actions", diff --git a/cmd/humioctl/actions_list.go b/cmd/humioctl/actions_list.go index 745d629..44fd87d 100644 --- a/cmd/humioctl/actions_list.go +++ b/cmd/humioctl/actions_list.go @@ -15,6 +15,8 @@ package main import ( + "strings" + "github.com/humio/cli/internal/format" "github.com/spf13/cobra" ) @@ -34,10 +36,15 @@ func newActionsListCmd() *cobra.Command { var rows [][]format.Value for i := 0; i < len(actions); i++ { action := actions[i] - rows = append(rows, []format.Value{format.String(action.Name), format.String(action.Type)}) + + rows = append(rows, []format.Value{ + format.String(action.Name), + format.String(action.Type), + format.String(strings.Join(action.GetLabels(), ",")), + }) } - printOverviewTable(cmd, []string{"Name", "Type"}, rows) + printOverviewTable(cmd, []string{"Name", "Type", "Labels"}, rows) }, } diff --git a/cmd/humioctl/actions_show.go b/cmd/humioctl/actions_show.go index 1a0547b..c01f57b 100644 --- a/cmd/humioctl/actions_show.go +++ b/cmd/humioctl/actions_show.go @@ -15,6 +15,8 @@ package main import ( + "strings" + "github.com/humio/cli/internal/format" "github.com/spf13/cobra" ) @@ -36,6 +38,7 @@ func newActionsShowCmd() *cobra.Command { {format.String("Name"), format.String(action.Name)}, {format.String("Type"), format.String(action.Type)}, {format.String("ID"), format.String(action.ID)}, + {format.String("Labels"), format.String(strings.Join(action.GetLabels(), ","))}, } printDetailsTable(cmd, details) diff --git a/cmd/humioctl/alerts_show.go b/cmd/humioctl/alerts_show.go index f9a8eff..2bc2c6d 100644 --- a/cmd/humioctl/alerts_show.go +++ b/cmd/humioctl/alerts_show.go @@ -43,7 +43,6 @@ func newAlertsShowCmd() *cobra.Command { {format.String("Query String"), format.String(alert.QueryString)}, {format.String("Labels"), format.String(strings.Join(alert.Labels, ", "))}, {format.String("Throttle Time Millis"), format.Int(alert.ThrottleTimeMillis)}, - {format.String("Is Starred"), format.Bool(alert.IsStarred)}, {format.String("Last Error"), format.StringPtr(alert.LastError)}, {format.String("Throttle Field"), format.StringPtr(alert.ThrottleField)}, {format.String("Time Of Last Trigger"), format.Int64Ptr(alert.TimeOfLastTrigger)}, diff --git a/internal/api/actions.go b/internal/api/actions.go index c599a58..362e409 100644 --- a/internal/api/actions.go +++ b/internal/api/actions.go @@ -12,27 +12,36 @@ type Actions struct { client *Client } +// Labeled interface for action types that have labels +type Labeled interface { + GetLabels() []string +} + type EmailAction struct { Recipients []string SubjectTemplate *string BodyTemplate *string UseProxy bool + Labels []string } type HumioRepoAction struct { IngestToken string + Labels []string } type OpsGenieAction struct { ApiUrl string GenieKey string UseProxy bool + Labels []string } type PagerDutyAction struct { Severity string RoutingKey string UseProxy bool + Labels []string } type SlackField struct { @@ -44,6 +53,7 @@ type SlackAction struct { Url string Fields []SlackField UseProxy bool + Labels []string } type SlackPostMessageAction struct { @@ -51,16 +61,19 @@ type SlackPostMessageAction struct { Channels []string Fields []SlackField UseProxy bool + Labels []string } type UploadFileAction struct { FileName string + Labels []string } type VictorOpsAction struct { MessageType string NotifyUrl string UseProxy bool + Labels []string } type HttpHeader struct { @@ -75,8 +88,32 @@ type WebhookAction struct { BodyTemplate string IgnoreSSL bool UseProxy bool + Labels []string +} + +type S3Action struct { + RoleArn string + AwsRegion string + BucketName string + FileName string + OutputFormat string + OutputMetadata bool + UseProxy bool + Labels []string } +// GetLabels implementations for all action types +func (e EmailAction) GetLabels() []string { return e.Labels } +func (h HumioRepoAction) GetLabels() []string { return h.Labels } +func (o OpsGenieAction) GetLabels() []string { return o.Labels } +func (p PagerDutyAction) GetLabels() []string { return p.Labels } +func (s SlackAction) GetLabels() []string { return s.Labels } +func (s SlackPostMessageAction) GetLabels() []string { return s.Labels } +func (u UploadFileAction) GetLabels() []string { return u.Labels } +func (v VictorOpsAction) GetLabels() []string { return v.Labels } +func (w WebhookAction) GetLabels() []string { return w.Labels } +func (s S3Action) GetLabels() []string { return s.Labels } + type Action struct { Type string ID string `yaml:"-"` @@ -91,6 +128,35 @@ type Action struct { VictorOpsAction VictorOpsAction `yaml:"victorOpsAction,omitempty"` UploadFileAction UploadFileAction `yaml:"uploadFileAction,omitempty"` WebhookAction WebhookAction `yaml:"webhookAction,omitempty"` + S3Action S3Action `yaml:"s3Action,omitempty"` +} + +// GetLabels returns the labels from the specific action type +func (a Action) GetLabels() []string { + switch { + case !reflect.ValueOf(a.EmailAction).IsZero(): + return a.EmailAction.GetLabels() + case !reflect.ValueOf(a.HumioRepoAction).IsZero(): + return a.HumioRepoAction.GetLabels() + case !reflect.ValueOf(a.OpsGenieAction).IsZero(): + return a.OpsGenieAction.GetLabels() + case !reflect.ValueOf(a.PagerDutyAction).IsZero(): + return a.PagerDutyAction.GetLabels() + case !reflect.ValueOf(a.SlackAction).IsZero(): + return a.SlackAction.GetLabels() + case !reflect.ValueOf(a.SlackPostMessageAction).IsZero(): + return a.SlackPostMessageAction.GetLabels() + case !reflect.ValueOf(a.VictorOpsAction).IsZero(): + return a.VictorOpsAction.GetLabels() + case !reflect.ValueOf(a.UploadFileAction).IsZero(): + return a.UploadFileAction.GetLabels() + case !reflect.ValueOf(a.WebhookAction).IsZero(): + return a.WebhookAction.GetLabels() + case !reflect.ValueOf(a.S3Action).IsZero(): + return a.S3Action.GetLabels() + default: + return []string{} + } } func (c *Client) Actions() *Actions { return &Actions{client: c} } @@ -115,6 +181,7 @@ func (n *Actions) List(searchDomainName string) ([]Action, error) { SubjectTemplate: v.GetSubjectTemplate(), BodyTemplate: v.GetEmailBodyTemplate(), UseProxy: v.GetUseProxy(), + Labels: v.GetLabels(), }, } case *humiographql.ListActionsSearchDomainActionsHumioRepoAction: @@ -124,6 +191,7 @@ func (n *Actions) List(searchDomainName string) ([]Action, error) { Name: v.GetName(), HumioRepoAction: HumioRepoAction{ IngestToken: v.GetIngestToken(), + Labels: v.GetLabels(), }, } case *humiographql.ListActionsSearchDomainActionsOpsGenieAction: @@ -135,6 +203,7 @@ func (n *Actions) List(searchDomainName string) ([]Action, error) { ApiUrl: v.GetApiUrl(), GenieKey: v.GetGenieKey(), UseProxy: v.GetUseProxy(), + Labels: v.GetLabels(), }, } case *humiographql.ListActionsSearchDomainActionsPagerDutyAction: @@ -146,6 +215,7 @@ func (n *Actions) List(searchDomainName string) ([]Action, error) { Severity: v.GetSeverity(), RoutingKey: v.GetRoutingKey(), UseProxy: v.GetUseProxy(), + Labels: v.GetLabels(), }, } case *humiographql.ListActionsSearchDomainActionsSlackAction: @@ -164,6 +234,7 @@ func (n *Actions) List(searchDomainName string) ([]Action, error) { Url: v.GetUrl(), Fields: fields, UseProxy: v.GetUseProxy(), + Labels: v.GetLabels(), }, } case *humiographql.ListActionsSearchDomainActionsSlackPostMessageAction: @@ -183,6 +254,7 @@ func (n *Actions) List(searchDomainName string) ([]Action, error) { Channels: v.GetChannels(), Fields: fields, UseProxy: v.GetUseProxy(), + Labels: v.GetLabels(), }, } case *humiographql.ListActionsSearchDomainActionsVictorOpsAction: @@ -194,6 +266,7 @@ func (n *Actions) List(searchDomainName string) ([]Action, error) { MessageType: v.GetMessageType(), NotifyUrl: v.GetNotifyUrl(), UseProxy: v.GetUseProxy(), + Labels: v.GetLabels(), }, } case *humiographql.ListActionsSearchDomainActionsUploadFileAction: @@ -203,6 +276,7 @@ func (n *Actions) List(searchDomainName string) ([]Action, error) { Name: v.GetName(), UploadFileAction: UploadFileAction{ FileName: v.GetFileName(), + Labels: v.GetLabels(), }, } case *humiographql.ListActionsSearchDomainActionsWebhookAction: @@ -224,6 +298,23 @@ func (n *Actions) List(searchDomainName string) ([]Action, error) { BodyTemplate: v.GetWebhookBodyTemplate(), IgnoreSSL: v.GetIgnoreSSL(), UseProxy: v.GetUseProxy(), + Labels: v.GetLabels(), + }, + } + case *humiographql.ListActionsSearchDomainActionsS3Action: + actions[idx] = Action{ + Type: *v.GetTypename(), + ID: v.GetId(), + Name: v.GetName(), + S3Action: S3Action{ + RoleArn: v.GetRoleArn(), + AwsRegion: v.GetAwsRegion(), + BucketName: v.GetBucketName(), + FileName: v.GetFileName(), + OutputFormat: string(v.GetOutputFormat()), + OutputMetadata: v.GetOutputMetadata(), + UseProxy: v.GetUseProxy(), + Labels: v.GetLabels(), }, } default: @@ -253,6 +344,7 @@ func (n *Actions) Add(searchDomainName string, newAction *Action) (*Action, erro newAction.EmailAction.SubjectTemplate, newAction.EmailAction.BodyTemplate, newAction.EmailAction.UseProxy, + newAction.EmailAction.Labels, ) if err != nil { return nil, err @@ -267,6 +359,7 @@ func (n *Actions) Add(searchDomainName string, newAction *Action) (*Action, erro SubjectTemplate: respUpdate.GetSubjectTemplate(), BodyTemplate: respUpdate.GetBodyTemplate(), UseProxy: respUpdate.GetUseProxy(), + Labels: respUpdate.GetLabels(), }, }, nil } @@ -278,6 +371,7 @@ func (n *Actions) Add(searchDomainName string, newAction *Action) (*Action, erro searchDomainName, newAction.Name, newAction.HumioRepoAction.IngestToken, + newAction.HumioRepoAction.Labels, ) if err != nil { return nil, err @@ -289,6 +383,7 @@ func (n *Actions) Add(searchDomainName string, newAction *Action) (*Action, erro Name: respUpdate.GetName(), HumioRepoAction: HumioRepoAction{ IngestToken: respUpdate.GetIngestToken(), + Labels: respUpdate.GetLabels(), }, }, nil } @@ -302,6 +397,7 @@ func (n *Actions) Add(searchDomainName string, newAction *Action) (*Action, erro newAction.OpsGenieAction.ApiUrl, newAction.OpsGenieAction.GenieKey, newAction.OpsGenieAction.UseProxy, + newAction.OpsGenieAction.Labels, ) if err != nil { return nil, err @@ -315,6 +411,7 @@ func (n *Actions) Add(searchDomainName string, newAction *Action) (*Action, erro ApiUrl: respUpdate.GetApiUrl(), GenieKey: respUpdate.GetGenieKey(), UseProxy: respUpdate.GetUseProxy(), + Labels: respUpdate.GetLabels(), }, }, nil } @@ -328,6 +425,7 @@ func (n *Actions) Add(searchDomainName string, newAction *Action) (*Action, erro newAction.PagerDutyAction.Severity, newAction.PagerDutyAction.RoutingKey, newAction.PagerDutyAction.UseProxy, + newAction.PagerDutyAction.Labels, ) if err != nil { return nil, err @@ -341,6 +439,7 @@ func (n *Actions) Add(searchDomainName string, newAction *Action) (*Action, erro Severity: respUpdate.GetSeverity(), RoutingKey: respUpdate.GetRoutingKey(), UseProxy: respUpdate.GetUseProxy(), + Labels: respUpdate.GetLabels(), }, }, nil } @@ -361,6 +460,7 @@ func (n *Actions) Add(searchDomainName string, newAction *Action) (*Action, erro fields, newAction.SlackAction.Url, newAction.SlackAction.UseProxy, + newAction.SlackAction.Labels, ) if err != nil { return nil, err @@ -382,6 +482,7 @@ func (n *Actions) Add(searchDomainName string, newAction *Action) (*Action, erro Fields: fieldsUpdate, Url: respUpdate.GetUrl(), UseProxy: respUpdate.GetUseProxy(), + Labels: respUpdate.GetLabels(), }, }, nil } @@ -403,6 +504,7 @@ func (n *Actions) Add(searchDomainName string, newAction *Action) (*Action, erro newAction.SlackPostMessageAction.Channels, fields, newAction.SlackPostMessageAction.UseProxy, + newAction.SlackPostMessageAction.Labels, ) if err != nil { return nil, err @@ -425,6 +527,7 @@ func (n *Actions) Add(searchDomainName string, newAction *Action) (*Action, erro Channels: respUpdate.GetChannels(), Fields: fieldsUpdate, UseProxy: respUpdate.GetUseProxy(), + Labels: respUpdate.GetLabels(), }, }, nil } @@ -438,6 +541,7 @@ func (n *Actions) Add(searchDomainName string, newAction *Action) (*Action, erro newAction.VictorOpsAction.MessageType, newAction.VictorOpsAction.NotifyUrl, newAction.VictorOpsAction.UseProxy, + newAction.VictorOpsAction.Labels, ) if err != nil { return nil, err @@ -451,6 +555,7 @@ func (n *Actions) Add(searchDomainName string, newAction *Action) (*Action, erro MessageType: respUpdate.GetMessageType(), NotifyUrl: respUpdate.GetNotifyUrl(), UseProxy: respUpdate.GetUseProxy(), + Labels: respUpdate.GetLabels(), }, }, nil } @@ -462,6 +567,7 @@ func (n *Actions) Add(searchDomainName string, newAction *Action) (*Action, erro searchDomainName, newAction.Name, newAction.UploadFileAction.FileName, + newAction.UploadFileAction.Labels, ) if err != nil { return nil, err @@ -473,6 +579,7 @@ func (n *Actions) Add(searchDomainName string, newAction *Action) (*Action, erro Name: respUpdate.GetName(), UploadFileAction: UploadFileAction{ FileName: respUpdate.GetFileName(), + Labels: respUpdate.GetLabels(), }, }, nil } @@ -496,6 +603,7 @@ func (n *Actions) Add(searchDomainName string, newAction *Action) (*Action, erro newAction.WebhookAction.BodyTemplate, newAction.WebhookAction.IgnoreSSL, newAction.WebhookAction.UseProxy, + newAction.WebhookAction.Labels, ) if err != nil { return nil, err @@ -520,6 +628,43 @@ func (n *Actions) Add(searchDomainName string, newAction *Action) (*Action, erro BodyTemplate: respUpdate.GetBodyTemplate(), IgnoreSSL: respUpdate.GetIgnoreSSL(), UseProxy: respUpdate.GetUseProxy(), + Labels: respUpdate.GetLabels(), + }, + }, nil + } + + if !reflect.ValueOf(newAction.S3Action).IsZero() { + resp, err := humiographql.CreateS3Action( + context.Background(), + n.client, + searchDomainName, + newAction.Name, + newAction.S3Action.RoleArn, + newAction.S3Action.AwsRegion, + newAction.S3Action.BucketName, + newAction.S3Action.FileName, + humiographql.S3ActionEventOutputFormat(newAction.S3Action.OutputFormat), + newAction.S3Action.OutputMetadata, + newAction.S3Action.UseProxy, + newAction.S3Action.Labels, + ) + if err != nil { + return nil, err + } + + respUpdate := resp.GetCreateS3Action() + return &Action{ + ID: respUpdate.GetId(), + Name: respUpdate.GetName(), + S3Action: S3Action{ + RoleArn: respUpdate.GetRoleArn(), + AwsRegion: respUpdate.GetAwsRegion(), + BucketName: respUpdate.GetBucketName(), + FileName: respUpdate.GetFileName(), + OutputFormat: string(respUpdate.GetOutputFormat()), + OutputMetadata: respUpdate.GetOutputMetadata(), + UseProxy: respUpdate.GetUseProxy(), + Labels: respUpdate.GetLabels(), }, }, nil } diff --git a/internal/api/alerts.go b/internal/api/alerts.go index 1ebbffb..a394011 100644 --- a/internal/api/alerts.go +++ b/internal/api/alerts.go @@ -14,7 +14,6 @@ type Alert struct { QueryStart string `yaml:"queryStart"` ThrottleField *string `yaml:"throttleField"` TimeOfLastTrigger *int64 `yaml:"timeOfLastTrigger"` - IsStarred bool `yaml:"isStarred"` Description *string ThrottleTimeMillis int64 `yaml:"throttleTimeMillis"` Enabled bool @@ -52,7 +51,6 @@ func (a *Alerts) List(searchDomainName string) ([]Alert, error) { QueryStart: alert.GetQueryStart(), ThrottleField: alert.GetThrottleField(), TimeOfLastTrigger: alert.GetTimeOfLastTrigger(), - IsStarred: alert.GetIsStarred(), Description: alert.GetDescription(), ThrottleTimeMillis: alert.GetThrottleTimeMillis(), Enabled: alert.GetEnabled(), @@ -116,7 +114,6 @@ func (a *Alerts) Add(searchDomainName string, newAlert *Alert) (*Alert, error) { QueryStart: respUpdate.GetQueryStart(), ThrottleField: respUpdate.GetThrottleField(), TimeOfLastTrigger: respUpdate.GetTimeOfLastTrigger(), - IsStarred: respUpdate.GetIsStarred(), Description: respUpdate.GetDescription(), ThrottleTimeMillis: respUpdate.GetThrottleTimeMillis(), Enabled: respUpdate.GetEnabled(), diff --git a/internal/api/humiographql/graphql/actions.graphql b/internal/api/humiographql/graphql/actions.graphql index cf5a824..9e23f18 100644 --- a/internal/api/humiographql/graphql/actions.graphql +++ b/internal/api/humiographql/graphql/actions.graphql @@ -7,23 +7,26 @@ fragment ActionDetails on Action{ subjectTemplate emailBodyTemplate: bodyTemplate useProxy - + labels } ... on HumioRepoAction { ingestToken + labels } ... on OpsGenieAction { apiUrl genieKey useProxy + labels } ... on PagerDutyAction { severity routingKey useProxy + labels } ... on SlackAction { @@ -33,6 +36,7 @@ fragment ActionDetails on Action{ value } useProxy + labels } ... on SlackPostMessageAction { @@ -43,16 +47,19 @@ fragment ActionDetails on Action{ value } useProxy + labels } ... on VictorOpsAction { messageType notifyUrl useProxy + labels } ... on UploadFileAction { fileName + labels } ... on WebhookAction { @@ -65,6 +72,18 @@ fragment ActionDetails on Action{ WebhookBodyTemplate: bodyTemplate ignoreSSL useProxy + labels + } + + ... on S3Action { + roleArn + awsRegion + bucketName + fileName + outputFormat + outputMetadata + useProxy + labels } } @@ -112,6 +131,7 @@ mutation CreateEmailAction( $SubjectTemplate: String $BodyTemplate: String $UseProxy: Boolean! + $Labels: [String!] ) { createEmailAction(input: { viewName: $SearchDomainName @@ -120,6 +140,7 @@ mutation CreateEmailAction( subjectTemplate: $SubjectTemplate bodyTemplate: $BodyTemplate useProxy: $UseProxy + labels: $Labels }) { id name @@ -127,6 +148,7 @@ mutation CreateEmailAction( subjectTemplate bodyTemplate useProxy + labels } } @@ -134,15 +156,18 @@ mutation CreateHumioRepoAction( $SearchDomainName: String! $ActionName: String! $IngestToken: String! + $Labels: [String!] ) { createHumioRepoAction(input: { viewName: $SearchDomainName name: $ActionName ingestToken: $IngestToken + labels: $Labels }) { id name ingestToken + labels } } @@ -152,6 +177,7 @@ mutation CreateOpsGenieAction( $ApiUrl: String! $GenieKey: String! $UseProxy: Boolean! + $Labels: [String!] ) { createOpsGenieAction(input: { viewName: $SearchDomainName @@ -159,12 +185,14 @@ mutation CreateOpsGenieAction( apiUrl: $ApiUrl genieKey: $GenieKey useProxy: $UseProxy + labels: $Labels }) { id name apiUrl genieKey useProxy + labels } } @@ -174,6 +202,7 @@ mutation CreatePagerDutyAction( $Severity: String! $RoutingKey: String! $UseProxy: Boolean! + $Labels: [String!] ) { createPagerDutyAction(input: { viewName: $SearchDomainName @@ -181,12 +210,14 @@ mutation CreatePagerDutyAction( severity: $Severity routingKey: $RoutingKey useProxy: $UseProxy + labels: $Labels }) { id name severity routingKey useProxy + labels } } @@ -196,6 +227,7 @@ mutation CreateSlackAction( $Fields: [SlackFieldEntryInput!]! $Url: String! $UseProxy: Boolean! + $Labels: [String!] ) { createSlackAction(input: { viewName: $SearchDomainName @@ -203,6 +235,7 @@ mutation CreateSlackAction( fields: $Fields url: $Url useProxy: $UseProxy + labels: $Labels }) { id name @@ -212,6 +245,7 @@ mutation CreateSlackAction( } url useProxy + labels } } @@ -222,6 +256,7 @@ mutation CreateSlackPostMessageAction( $Channels: [String!]! $Fields: [SlackFieldEntryInput!]! $UseProxy: Boolean! + $Labels: [String!] ) { createSlackPostMessageAction(input: { viewName: $SearchDomainName @@ -230,6 +265,7 @@ mutation CreateSlackPostMessageAction( channels: $Channels fields: $Fields useProxy: $UseProxy + labels: $Labels }) { id name @@ -240,6 +276,7 @@ mutation CreateSlackPostMessageAction( fieldName } useProxy + labels } } @@ -249,6 +286,7 @@ mutation CreateVictorOpsAction( $MessageType: String! $NotifyUrl: String! $UseProxy: Boolean! + $Labels: [String!] ) { createVictorOpsAction(input: { viewName: $SearchDomainName @@ -256,12 +294,14 @@ mutation CreateVictorOpsAction( messageType: $MessageType notifyUrl: $NotifyUrl useProxy: $UseProxy + labels: $Labels }) { id name messageType notifyUrl useProxy + labels } } @@ -269,15 +309,18 @@ mutation CreateUploadFileAction( $SearchDomainName: String! $ActionName: String! $FileName: String! + $Labels: [String!] ) { createUploadFileAction(input: { viewName: $SearchDomainName name: $ActionName fileName: $FileName + labels: $Labels }) { id name fileName + labels } } @@ -290,6 +333,7 @@ mutation CreateWebhookAction( $BodyTemplate: String! $IgnoreSSL: Boolean! $UseProxy: Boolean! + $Labels: [String!] ) { createWebhookAction(input: { viewName: $SearchDomainName @@ -300,6 +344,7 @@ mutation CreateWebhookAction( bodyTemplate: $BodyTemplate ignoreSSL: $IgnoreSSL useProxy: $UseProxy + labels: $Labels }) { id name @@ -312,5 +357,43 @@ mutation CreateWebhookAction( bodyTemplate ignoreSSL useProxy + labels + } +} + +mutation CreateS3Action( + $SearchDomainName: RepoOrViewName! + $ActionName: String! + $RoleArn: String! + $AwsRegion: String! + $BucketName: String! + $FileName: String! + $OutputFormat: S3ActionEventOutputFormat! + $OutputMetadata: Boolean! + $UseProxy: Boolean! + $Labels: [String!] +) { + createS3Action(input: { + viewName: $SearchDomainName + name: $ActionName + roleArn: $RoleArn + awsRegion: $AwsRegion + bucketName: $BucketName + fileName: $FileName + outputFormat: $OutputFormat + outputMetadata: $OutputMetadata + useProxy: $UseProxy + labels: $Labels + }) { + id + name + roleArn + awsRegion + bucketName + fileName + outputFormat + outputMetadata + useProxy + labels } } \ No newline at end of file diff --git a/internal/api/humiographql/graphql/alerts.graphql b/internal/api/humiographql/graphql/alerts.graphql index acf2eab..c040959 100644 --- a/internal/api/humiographql/graphql/alerts.graphql +++ b/internal/api/humiographql/graphql/alerts.graphql @@ -5,7 +5,6 @@ fragment AlertDetails on Alert { queryStart throttleField timeOfLastTrigger - isStarred description throttleTimeMillis enabled diff --git a/internal/api/humiographql/graphql/parsers.graphql b/internal/api/humiographql/graphql/parsers.graphql index 9d8e6e9..33be909 100644 --- a/internal/api/humiographql/graphql/parsers.graphql +++ b/internal/api/humiographql/graphql/parsers.graphql @@ -38,18 +38,6 @@ query ListParsers( } } -mutation LegacyDeleteParserByID( - $RepositoryName: String! - $ParserID: String! -) { - removeParser(input: { - repositoryName: $RepositoryName - id: $ParserID - }) { - __typename - } -} - mutation DeleteParserByID( $RepositoryName: RepoOrViewName! $ParserID: String! @@ -61,28 +49,6 @@ mutation DeleteParserByID( __typename } } -mutation LegacyCreateParser( - $RepositoryName: String! - $Name: String! - $TestData: [String!]! - $TagFields: [String!]! - $SourceCode: String! - $Force: Boolean! -) { - createParser(input: { - name: $Name - repositoryName: $RepositoryName - testData: $TestData - tagFields: $TagFields - sourceCode: $SourceCode - force: $Force - }) { - parser { - ...ParserDetails - } - } -} - mutation CreateParser( $RepositoryName: RepoOrViewName! @@ -106,25 +72,6 @@ mutation CreateParser( } } -query LegacyGetParser( - $RepositoryName: String! - $ParserName: String! -) { - repository( - name: $RepositoryName - ) { - parser( - name: $ParserName - ) { - id - name - sourceCode - testData - tagFields - } - } -} - query GetParserByID( $RepositoryName: String! $ParserID: String! diff --git a/internal/api/humiographql/humiographql.go b/internal/api/humiographql/humiographql.go index 31c2962..adf12ad 100644 --- a/internal/api/humiographql/humiographql.go +++ b/internal/api/humiographql/humiographql.go @@ -21,6 +21,7 @@ import ( // ActionDetailsHumioRepoAction // ActionDetailsOpsGenieAction // ActionDetailsPagerDutyAction +// ActionDetailsS3Action // ActionDetailsSlackAction // ActionDetailsSlackPostMessageAction // ActionDetailsUploadFileAction @@ -31,12 +32,14 @@ type ActionDetails interface { // GetId returns the interface-field "id" from its implementation. // The GraphQL interface field's documentation follows. // - // An action that can be invoked from a trigger. + // The id of the action. + // Stability: Long-term GetId() string // GetName returns the interface-field "name" from its implementation. // The GraphQL interface field's documentation follows. // - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term GetName() string } @@ -44,6 +47,7 @@ func (v *ActionDetailsEmailAction) implementsGraphQLInterfaceActionDetails() func (v *ActionDetailsHumioRepoAction) implementsGraphQLInterfaceActionDetails() {} func (v *ActionDetailsOpsGenieAction) implementsGraphQLInterfaceActionDetails() {} func (v *ActionDetailsPagerDutyAction) implementsGraphQLInterfaceActionDetails() {} +func (v *ActionDetailsS3Action) implementsGraphQLInterfaceActionDetails() {} func (v *ActionDetailsSlackAction) implementsGraphQLInterfaceActionDetails() {} func (v *ActionDetailsSlackPostMessageAction) implementsGraphQLInterfaceActionDetails() {} func (v *ActionDetailsUploadFileAction) implementsGraphQLInterfaceActionDetails() {} @@ -76,6 +80,9 @@ func __unmarshalActionDetails(b []byte, v *ActionDetails) error { case "PagerDutyAction": *v = new(ActionDetailsPagerDutyAction) return json.Unmarshal(b, *v) + case "S3Action": + *v = new(ActionDetailsS3Action) + return json.Unmarshal(b, *v) case "SlackAction": *v = new(ActionDetailsSlackAction) return json.Unmarshal(b, *v) @@ -136,6 +143,14 @@ func __marshalActionDetails(v *ActionDetails) ([]byte, error) { *ActionDetailsPagerDutyAction }{typename, v} return json.Marshal(result) + case *ActionDetailsS3Action: + typename = "S3Action" + + result := struct { + TypeName string `json:"__typename"` + *ActionDetailsS3Action + }{typename, v} + return json.Marshal(result) case *ActionDetailsSlackAction: typename = "SlackAction" @@ -189,9 +204,11 @@ func __marshalActionDetails(v *ActionDetails) ([]byte, error) { // // An action that can be invoked from a trigger. type ActionDetailsEmailAction struct { - // An action that can be invoked from a trigger. + // The id of the action. + // Stability: Long-term Id string `json:"id"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` // List of email addresses to send an email to. // Stability: Long-term @@ -202,9 +219,12 @@ type ActionDetailsEmailAction struct { // Body of the email. Can be templated with values from the result. // Stability: Long-term EmailBodyTemplate *string `json:"emailBodyTemplate"` - // Defines whether the action should use the configured proxy to make web requests. + // Defines whether the action should use the configured HTTP proxy to send requests. // Stability: Long-term UseProxy bool `json:"useProxy"` + // Labels to categorize the action. + // Stability: Preview + Labels []string `json:"labels"` } // GetId returns ActionDetailsEmailAction.Id, and is useful for accessing the field via an interface. @@ -225,6 +245,9 @@ func (v *ActionDetailsEmailAction) GetEmailBodyTemplate() *string { return v.Ema // GetUseProxy returns ActionDetailsEmailAction.UseProxy, and is useful for accessing the field via an interface. func (v *ActionDetailsEmailAction) GetUseProxy() bool { return v.UseProxy } +// GetLabels returns ActionDetailsEmailAction.Labels, and is useful for accessing the field via an interface. +func (v *ActionDetailsEmailAction) GetLabels() []string { return v.Labels } + // ActionDetailsFieldsSlackFieldEntry includes the requested fields of the GraphQL type SlackFieldEntry. // The GraphQL type's documentation follows. // @@ -268,13 +291,18 @@ func (v *ActionDetailsHeadersHttpHeaderEntry) GetValue() string { return v.Value // // An action that can be invoked from a trigger. type ActionDetailsHumioRepoAction struct { - // An action that can be invoked from a trigger. + // The id of the action. + // Stability: Long-term Id string `json:"id"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` // Humio ingest token for the dataspace that the action should ingest into. // Stability: Long-term IngestToken string `json:"ingestToken"` + // Labels to categorize the action. + // Stability: Preview + Labels []string `json:"labels"` } // GetId returns ActionDetailsHumioRepoAction.Id, and is useful for accessing the field via an interface. @@ -286,14 +314,19 @@ func (v *ActionDetailsHumioRepoAction) GetName() string { return v.Name } // GetIngestToken returns ActionDetailsHumioRepoAction.IngestToken, and is useful for accessing the field via an interface. func (v *ActionDetailsHumioRepoAction) GetIngestToken() string { return v.IngestToken } +// GetLabels returns ActionDetailsHumioRepoAction.Labels, and is useful for accessing the field via an interface. +func (v *ActionDetailsHumioRepoAction) GetLabels() []string { return v.Labels } + // ActionDetails includes the GraphQL fields of OpsGenieAction requested by the fragment ActionDetails. // The GraphQL type's documentation follows. // // An action that can be invoked from a trigger. type ActionDetailsOpsGenieAction struct { - // An action that can be invoked from a trigger. + // The id of the action. + // Stability: Long-term Id string `json:"id"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` // OpsGenie webhook url to send the request to. // Stability: Long-term @@ -301,9 +334,12 @@ type ActionDetailsOpsGenieAction struct { // Key to authenticate with OpsGenie. // Stability: Long-term GenieKey string `json:"genieKey"` - // Defines whether the action should use the configured proxy to make web requests. + // Defines whether the action should use the configured HTTP proxy to send requests. // Stability: Long-term UseProxy bool `json:"useProxy"` + // Labels to categorize the action. + // Stability: Preview + Labels []string `json:"labels"` } // GetId returns ActionDetailsOpsGenieAction.Id, and is useful for accessing the field via an interface. @@ -321,14 +357,19 @@ func (v *ActionDetailsOpsGenieAction) GetGenieKey() string { return v.GenieKey } // GetUseProxy returns ActionDetailsOpsGenieAction.UseProxy, and is useful for accessing the field via an interface. func (v *ActionDetailsOpsGenieAction) GetUseProxy() bool { return v.UseProxy } +// GetLabels returns ActionDetailsOpsGenieAction.Labels, and is useful for accessing the field via an interface. +func (v *ActionDetailsOpsGenieAction) GetLabels() []string { return v.Labels } + // ActionDetails includes the GraphQL fields of PagerDutyAction requested by the fragment ActionDetails. // The GraphQL type's documentation follows. // // An action that can be invoked from a trigger. type ActionDetailsPagerDutyAction struct { - // An action that can be invoked from a trigger. + // The id of the action. + // Stability: Long-term Id string `json:"id"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` // Severity level to give to the message. // Stability: Long-term @@ -336,9 +377,12 @@ type ActionDetailsPagerDutyAction struct { // Routing key to authenticate with PagerDuty. // Stability: Long-term RoutingKey string `json:"routingKey"` - // Defines whether the action should use the configured proxy to make web requests. + // Defines whether the action should use the configured HTTP proxy to send requests. // Stability: Long-term UseProxy bool `json:"useProxy"` + // Labels to categorize the action. + // Stability: Preview + Labels []string `json:"labels"` } // GetId returns ActionDetailsPagerDutyAction.Id, and is useful for accessing the field via an interface. @@ -356,14 +400,86 @@ func (v *ActionDetailsPagerDutyAction) GetRoutingKey() string { return v.Routing // GetUseProxy returns ActionDetailsPagerDutyAction.UseProxy, and is useful for accessing the field via an interface. func (v *ActionDetailsPagerDutyAction) GetUseProxy() bool { return v.UseProxy } +// GetLabels returns ActionDetailsPagerDutyAction.Labels, and is useful for accessing the field via an interface. +func (v *ActionDetailsPagerDutyAction) GetLabels() []string { return v.Labels } + +// ActionDetails includes the GraphQL fields of S3Action requested by the fragment ActionDetails. +// The GraphQL type's documentation follows. +// +// An action that can be invoked from a trigger. +type ActionDetailsS3Action struct { + // The id of the action. + // Stability: Long-term + Id string `json:"id"` + // The name of the action. + // Stability: Long-term + Name string `json:"name"` + // ARN of the role to be assumed. + // Stability: Long-term + RoleArn string `json:"roleArn"` + // AWS region. For options see: https://docs.aws.amazon.com/general/latest/gr/s3.html + // Stability: Long-term + AwsRegion string `json:"awsRegion"` + // Name of the bucket. + // Stability: Long-term + BucketName string `json:"bucketName"` + // Name of the file(s). You can use most message templates for this. See documentation for S3 action: https://library.humio.com/data-analysis/automated-actions-s3.html + // Stability: Long-term + FileName string `json:"fileName"` + // Output format type for the result. Can be either NDJSON or CSV. + // Stability: Long-term + OutputFormat S3ActionEventOutputFormat `json:"outputFormat"` + // Whether to output metadata for the result. Metadata will be output as a separate JSON file. + // Stability: Long-term + OutputMetadata bool `json:"outputMetadata"` + // Defines whether the action should use the configured HTTP proxy to send requests. + // Stability: Long-term + UseProxy bool `json:"useProxy"` + // Labels to categorize the action. + // Stability: Preview + Labels []string `json:"labels"` +} + +// GetId returns ActionDetailsS3Action.Id, and is useful for accessing the field via an interface. +func (v *ActionDetailsS3Action) GetId() string { return v.Id } + +// GetName returns ActionDetailsS3Action.Name, and is useful for accessing the field via an interface. +func (v *ActionDetailsS3Action) GetName() string { return v.Name } + +// GetRoleArn returns ActionDetailsS3Action.RoleArn, and is useful for accessing the field via an interface. +func (v *ActionDetailsS3Action) GetRoleArn() string { return v.RoleArn } + +// GetAwsRegion returns ActionDetailsS3Action.AwsRegion, and is useful for accessing the field via an interface. +func (v *ActionDetailsS3Action) GetAwsRegion() string { return v.AwsRegion } + +// GetBucketName returns ActionDetailsS3Action.BucketName, and is useful for accessing the field via an interface. +func (v *ActionDetailsS3Action) GetBucketName() string { return v.BucketName } + +// GetFileName returns ActionDetailsS3Action.FileName, and is useful for accessing the field via an interface. +func (v *ActionDetailsS3Action) GetFileName() string { return v.FileName } + +// GetOutputFormat returns ActionDetailsS3Action.OutputFormat, and is useful for accessing the field via an interface. +func (v *ActionDetailsS3Action) GetOutputFormat() S3ActionEventOutputFormat { return v.OutputFormat } + +// GetOutputMetadata returns ActionDetailsS3Action.OutputMetadata, and is useful for accessing the field via an interface. +func (v *ActionDetailsS3Action) GetOutputMetadata() bool { return v.OutputMetadata } + +// GetUseProxy returns ActionDetailsS3Action.UseProxy, and is useful for accessing the field via an interface. +func (v *ActionDetailsS3Action) GetUseProxy() bool { return v.UseProxy } + +// GetLabels returns ActionDetailsS3Action.Labels, and is useful for accessing the field via an interface. +func (v *ActionDetailsS3Action) GetLabels() []string { return v.Labels } + // ActionDetails includes the GraphQL fields of SlackAction requested by the fragment ActionDetails. // The GraphQL type's documentation follows. // // An action that can be invoked from a trigger. type ActionDetailsSlackAction struct { - // An action that can be invoked from a trigger. + // The id of the action. + // Stability: Long-term Id string `json:"id"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` // Slack webhook url to send the request to. // Stability: Long-term @@ -371,9 +487,12 @@ type ActionDetailsSlackAction struct { // Fields to include within the Slack message. Can be templated with values from the result. // Stability: Long-term Fields []ActionDetailsFieldsSlackFieldEntry `json:"fields"` - // Defines whether the action should use the configured proxy to make web requests. + // Defines whether the action should use the configured HTTP proxy to send requests. // Stability: Long-term UseProxy bool `json:"useProxy"` + // Labels to categorize the action. + // Stability: Preview + Labels []string `json:"labels"` } // GetId returns ActionDetailsSlackAction.Id, and is useful for accessing the field via an interface. @@ -391,14 +510,19 @@ func (v *ActionDetailsSlackAction) GetFields() []ActionDetailsFieldsSlackFieldEn // GetUseProxy returns ActionDetailsSlackAction.UseProxy, and is useful for accessing the field via an interface. func (v *ActionDetailsSlackAction) GetUseProxy() bool { return v.UseProxy } +// GetLabels returns ActionDetailsSlackAction.Labels, and is useful for accessing the field via an interface. +func (v *ActionDetailsSlackAction) GetLabels() []string { return v.Labels } + // ActionDetails includes the GraphQL fields of SlackPostMessageAction requested by the fragment ActionDetails. // The GraphQL type's documentation follows. // // An action that can be invoked from a trigger. type ActionDetailsSlackPostMessageAction struct { - // An action that can be invoked from a trigger. + // The id of the action. + // Stability: Long-term Id string `json:"id"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` // Api token to authenticate with Slack. // Stability: Long-term @@ -409,9 +533,12 @@ type ActionDetailsSlackPostMessageAction struct { // Fields to include within the Slack message. Can be templated with values from the result. // Stability: Long-term Fields []ActionDetailsFieldsSlackFieldEntry `json:"fields"` - // Defines whether the action should use the configured proxy to make web requests. + // Defines whether the action should use the configured HTTP proxy to send requests. // Stability: Long-term UseProxy bool `json:"useProxy"` + // Labels to categorize the action. + // Stability: Preview + Labels []string `json:"labels"` } // GetId returns ActionDetailsSlackPostMessageAction.Id, and is useful for accessing the field via an interface. @@ -434,18 +561,26 @@ func (v *ActionDetailsSlackPostMessageAction) GetFields() []ActionDetailsFieldsS // GetUseProxy returns ActionDetailsSlackPostMessageAction.UseProxy, and is useful for accessing the field via an interface. func (v *ActionDetailsSlackPostMessageAction) GetUseProxy() bool { return v.UseProxy } +// GetLabels returns ActionDetailsSlackPostMessageAction.Labels, and is useful for accessing the field via an interface. +func (v *ActionDetailsSlackPostMessageAction) GetLabels() []string { return v.Labels } + // ActionDetails includes the GraphQL fields of UploadFileAction requested by the fragment ActionDetails. // The GraphQL type's documentation follows. // // An action that can be invoked from a trigger. type ActionDetailsUploadFileAction struct { - // An action that can be invoked from a trigger. + // The id of the action. + // Stability: Long-term Id string `json:"id"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` // File name for the uploaded file. // Stability: Long-term FileName string `json:"fileName"` + // Labels to categorize the action. + // Stability: Preview + Labels []string `json:"labels"` } // GetId returns ActionDetailsUploadFileAction.Id, and is useful for accessing the field via an interface. @@ -457,14 +592,19 @@ func (v *ActionDetailsUploadFileAction) GetName() string { return v.Name } // GetFileName returns ActionDetailsUploadFileAction.FileName, and is useful for accessing the field via an interface. func (v *ActionDetailsUploadFileAction) GetFileName() string { return v.FileName } +// GetLabels returns ActionDetailsUploadFileAction.Labels, and is useful for accessing the field via an interface. +func (v *ActionDetailsUploadFileAction) GetLabels() []string { return v.Labels } + // ActionDetails includes the GraphQL fields of VictorOpsAction requested by the fragment ActionDetails. // The GraphQL type's documentation follows. // // An action that can be invoked from a trigger. type ActionDetailsVictorOpsAction struct { - // An action that can be invoked from a trigger. + // The id of the action. + // Stability: Long-term Id string `json:"id"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` // Type of the VictorOps message to make. // Stability: Long-term @@ -472,9 +612,12 @@ type ActionDetailsVictorOpsAction struct { // VictorOps webhook url to send the request to. // Stability: Long-term NotifyUrl string `json:"notifyUrl"` - // Defines whether the action should use the configured proxy to make web requests. + // Defines whether the action should use the configured HTTP proxy to send requests. // Stability: Long-term UseProxy bool `json:"useProxy"` + // Labels to categorize the action. + // Stability: Preview + Labels []string `json:"labels"` } // GetId returns ActionDetailsVictorOpsAction.Id, and is useful for accessing the field via an interface. @@ -492,14 +635,19 @@ func (v *ActionDetailsVictorOpsAction) GetNotifyUrl() string { return v.NotifyUr // GetUseProxy returns ActionDetailsVictorOpsAction.UseProxy, and is useful for accessing the field via an interface. func (v *ActionDetailsVictorOpsAction) GetUseProxy() bool { return v.UseProxy } +// GetLabels returns ActionDetailsVictorOpsAction.Labels, and is useful for accessing the field via an interface. +func (v *ActionDetailsVictorOpsAction) GetLabels() []string { return v.Labels } + // ActionDetails includes the GraphQL fields of WebhookAction requested by the fragment ActionDetails. // The GraphQL type's documentation follows. // // An action that can be invoked from a trigger. type ActionDetailsWebhookAction struct { - // An action that can be invoked from a trigger. + // The id of the action. + // Stability: Long-term Id string `json:"id"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` // Method to use for the request. // Stability: Long-term @@ -516,9 +664,12 @@ type ActionDetailsWebhookAction struct { // Flag indicating whether SSL should be ignored for the request. // Stability: Long-term IgnoreSSL bool `json:"ignoreSSL"` - // Defines whether the action should use the configured proxy to make web requests. + // Defines whether the action should use the configured HTTP proxy to send requests. // Stability: Long-term UseProxy bool `json:"useProxy"` + // Labels to categorize the action. + // Stability: Preview + Labels []string `json:"labels"` } // GetId returns ActionDetailsWebhookAction.Id, and is useful for accessing the field via an interface. @@ -547,6 +698,9 @@ func (v *ActionDetailsWebhookAction) GetIgnoreSSL() bool { return v.IgnoreSSL } // GetUseProxy returns ActionDetailsWebhookAction.UseProxy, and is useful for accessing the field via an interface. func (v *ActionDetailsWebhookAction) GetUseProxy() bool { return v.UseProxy } +// GetLabels returns ActionDetailsWebhookAction.Labels, and is useful for accessing the field via an interface. +func (v *ActionDetailsWebhookAction) GetLabels() []string { return v.Labels } + // AddIngestTokenAddIngestTokenV3IngestToken includes the requested fields of the GraphQL type IngestToken. // The GraphQL type's documentation follows. // @@ -1156,6 +1310,7 @@ func (v *AggregateAlertDetails) __premarshalJSON() (*__premarshalAggregateAlertD // AggregateAlertDetailsActionsHumioRepoAction // AggregateAlertDetailsActionsOpsGenieAction // AggregateAlertDetailsActionsPagerDutyAction +// AggregateAlertDetailsActionsS3Action // AggregateAlertDetailsActionsSlackAction // AggregateAlertDetailsActionsSlackPostMessageAction // AggregateAlertDetailsActionsUploadFileAction @@ -1171,7 +1326,8 @@ type AggregateAlertDetailsActionsAction interface { // GetName returns the interface-field "name" from its implementation. // The GraphQL interface field's documentation follows. // - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term GetName() string } @@ -1183,6 +1339,8 @@ func (v *AggregateAlertDetailsActionsOpsGenieAction) implementsGraphQLInterfaceA } func (v *AggregateAlertDetailsActionsPagerDutyAction) implementsGraphQLInterfaceAggregateAlertDetailsActionsAction() { } +func (v *AggregateAlertDetailsActionsS3Action) implementsGraphQLInterfaceAggregateAlertDetailsActionsAction() { +} func (v *AggregateAlertDetailsActionsSlackAction) implementsGraphQLInterfaceAggregateAlertDetailsActionsAction() { } func (v *AggregateAlertDetailsActionsSlackPostMessageAction) implementsGraphQLInterfaceAggregateAlertDetailsActionsAction() { @@ -1220,6 +1378,9 @@ func __unmarshalAggregateAlertDetailsActionsAction(b []byte, v *AggregateAlertDe case "PagerDutyAction": *v = new(AggregateAlertDetailsActionsPagerDutyAction) return json.Unmarshal(b, *v) + case "S3Action": + *v = new(AggregateAlertDetailsActionsS3Action) + return json.Unmarshal(b, *v) case "SlackAction": *v = new(AggregateAlertDetailsActionsSlackAction) return json.Unmarshal(b, *v) @@ -1280,6 +1441,14 @@ func __marshalAggregateAlertDetailsActionsAction(v *AggregateAlertDetailsActions *AggregateAlertDetailsActionsPagerDutyAction }{typename, v} return json.Marshal(result) + case *AggregateAlertDetailsActionsS3Action: + typename = "S3Action" + + result := struct { + TypeName string `json:"__typename"` + *AggregateAlertDetailsActionsS3Action + }{typename, v} + return json.Marshal(result) case *AggregateAlertDetailsActionsSlackAction: typename = "SlackAction" @@ -1334,7 +1503,8 @@ func __marshalAggregateAlertDetailsActionsAction(v *AggregateAlertDetailsActions // An email action. type AggregateAlertDetailsActionsEmailAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -1350,7 +1520,8 @@ func (v *AggregateAlertDetailsActionsEmailAction) GetName() string { return v.Na // A LogScale repository action. type AggregateAlertDetailsActionsHumioRepoAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -1366,7 +1537,8 @@ func (v *AggregateAlertDetailsActionsHumioRepoAction) GetName() string { return // An OpsGenie action type AggregateAlertDetailsActionsOpsGenieAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -1382,7 +1554,8 @@ func (v *AggregateAlertDetailsActionsOpsGenieAction) GetName() string { return v // A PagerDuty action. type AggregateAlertDetailsActionsPagerDutyAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -1392,13 +1565,31 @@ func (v *AggregateAlertDetailsActionsPagerDutyAction) GetTypename() *string { re // GetName returns AggregateAlertDetailsActionsPagerDutyAction.Name, and is useful for accessing the field via an interface. func (v *AggregateAlertDetailsActionsPagerDutyAction) GetName() string { return v.Name } +// AggregateAlertDetailsActionsS3Action includes the requested fields of the GraphQL type S3Action. +// The GraphQL type's documentation follows. +// +// An S3 action +type AggregateAlertDetailsActionsS3Action struct { + Typename *string `json:"__typename"` + // The name of the action. + // Stability: Long-term + Name string `json:"name"` +} + +// GetTypename returns AggregateAlertDetailsActionsS3Action.Typename, and is useful for accessing the field via an interface. +func (v *AggregateAlertDetailsActionsS3Action) GetTypename() *string { return v.Typename } + +// GetName returns AggregateAlertDetailsActionsS3Action.Name, and is useful for accessing the field via an interface. +func (v *AggregateAlertDetailsActionsS3Action) GetName() string { return v.Name } + // AggregateAlertDetailsActionsSlackAction includes the requested fields of the GraphQL type SlackAction. // The GraphQL type's documentation follows. // // A Slack action type AggregateAlertDetailsActionsSlackAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -1414,7 +1605,8 @@ func (v *AggregateAlertDetailsActionsSlackAction) GetName() string { return v.Na // A slack post-message action. type AggregateAlertDetailsActionsSlackPostMessageAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -1430,7 +1622,8 @@ func (v *AggregateAlertDetailsActionsSlackPostMessageAction) GetName() string { // An upload file action. type AggregateAlertDetailsActionsUploadFileAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -1446,7 +1639,8 @@ func (v *AggregateAlertDetailsActionsUploadFileAction) GetName() string { return // A VictorOps action. type AggregateAlertDetailsActionsVictorOpsAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -1462,7 +1656,8 @@ func (v *AggregateAlertDetailsActionsVictorOpsAction) GetName() string { return // A webhook action type AggregateAlertDetailsActionsWebhookAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -1477,7 +1672,7 @@ func (v *AggregateAlertDetailsActionsWebhookAction) GetName() string { return v. // // An alert. type AlertDetails struct { - // Id of the alert. + // Id of the legacy alert. // Stability: Long-term Id string `json:"id"` // Name of the alert. @@ -1495,8 +1690,6 @@ type AlertDetails struct { // Unix timestamp for when the alert was last triggered. // Stability: Long-term TimeOfLastTrigger *int64 `json:"timeOfLastTrigger"` - // Flag indicating whether the calling user has 'starred' the alert. - IsStarred bool `json:"isStarred"` // Name of the alert. // Stability: Long-term Description *string `json:"description"` @@ -1538,9 +1731,6 @@ func (v *AlertDetails) GetThrottleField() *string { return v.ThrottleField } // GetTimeOfLastTrigger returns AlertDetails.TimeOfLastTrigger, and is useful for accessing the field via an interface. func (v *AlertDetails) GetTimeOfLastTrigger() *int64 { return v.TimeOfLastTrigger } -// GetIsStarred returns AlertDetails.IsStarred, and is useful for accessing the field via an interface. -func (v *AlertDetails) GetIsStarred() bool { return v.IsStarred } - // GetDescription returns AlertDetails.Description, and is useful for accessing the field via an interface. func (v *AlertDetails) GetDescription() *string { return v.Description } @@ -1608,8 +1798,6 @@ type __premarshalAlertDetails struct { TimeOfLastTrigger *int64 `json:"timeOfLastTrigger"` - IsStarred bool `json:"isStarred"` - Description *string `json:"description"` ThrottleTimeMillis int64 `json:"throttleTimeMillis"` @@ -1642,7 +1830,6 @@ func (v *AlertDetails) __premarshalJSON() (*__premarshalAlertDetails, error) { retval.QueryStart = v.QueryStart retval.ThrottleField = v.ThrottleField retval.TimeOfLastTrigger = v.TimeOfLastTrigger - retval.IsStarred = v.IsStarred retval.Description = v.Description retval.ThrottleTimeMillis = v.ThrottleTimeMillis retval.Enabled = v.Enabled @@ -2052,9 +2239,6 @@ func (v *CreateAlertCreateAlert) GetTimeOfLastTrigger() *int64 { return v.AlertDetails.TimeOfLastTrigger } -// GetIsStarred returns CreateAlertCreateAlert.IsStarred, and is useful for accessing the field via an interface. -func (v *CreateAlertCreateAlert) GetIsStarred() bool { return v.AlertDetails.IsStarred } - // GetDescription returns CreateAlertCreateAlert.Description, and is useful for accessing the field via an interface. func (v *CreateAlertCreateAlert) GetDescription() *string { return v.AlertDetails.Description } @@ -2118,8 +2302,6 @@ type __premarshalCreateAlertCreateAlert struct { TimeOfLastTrigger *int64 `json:"timeOfLastTrigger"` - IsStarred bool `json:"isStarred"` - Description *string `json:"description"` ThrottleTimeMillis int64 `json:"throttleTimeMillis"` @@ -2152,7 +2334,6 @@ func (v *CreateAlertCreateAlert) __premarshalJSON() (*__premarshalCreateAlertCre retval.QueryStart = v.AlertDetails.QueryStart retval.ThrottleField = v.AlertDetails.ThrottleField retval.TimeOfLastTrigger = v.AlertDetails.TimeOfLastTrigger - retval.IsStarred = v.AlertDetails.IsStarred retval.Description = v.AlertDetails.Description retval.ThrottleTimeMillis = v.AlertDetails.ThrottleTimeMillis retval.Enabled = v.AlertDetails.Enabled @@ -2204,9 +2385,12 @@ type CreateEmailActionCreateEmailAction struct { // Body of the email. Can be templated with values from the result. // Stability: Long-term BodyTemplate *string `json:"bodyTemplate"` - // Defines whether the action should use the configured proxy to make web requests. + // Defines whether the action should use the configured HTTP proxy to send requests. // Stability: Long-term UseProxy bool `json:"useProxy"` + // Labels to categorize the action. + // Stability: Preview + Labels []string `json:"labels"` } // GetId returns CreateEmailActionCreateEmailAction.Id, and is useful for accessing the field via an interface. @@ -2227,6 +2411,9 @@ func (v *CreateEmailActionCreateEmailAction) GetBodyTemplate() *string { return // GetUseProxy returns CreateEmailActionCreateEmailAction.UseProxy, and is useful for accessing the field via an interface. func (v *CreateEmailActionCreateEmailAction) GetUseProxy() bool { return v.UseProxy } +// GetLabels returns CreateEmailActionCreateEmailAction.Labels, and is useful for accessing the field via an interface. +func (v *CreateEmailActionCreateEmailAction) GetLabels() []string { return v.Labels } + // CreateEmailActionResponse is returned by CreateEmailAction on success. type CreateEmailActionResponse struct { // Create an email action. @@ -2414,6 +2601,9 @@ type CreateHumioRepoActionCreateHumioRepoAction struct { // Humio ingest token for the dataspace that the action should ingest into. // Stability: Long-term IngestToken string `json:"ingestToken"` + // Labels to categorize the action. + // Stability: Preview + Labels []string `json:"labels"` } // GetId returns CreateHumioRepoActionCreateHumioRepoAction.Id, and is useful for accessing the field via an interface. @@ -2425,6 +2615,9 @@ func (v *CreateHumioRepoActionCreateHumioRepoAction) GetName() string { return v // GetIngestToken returns CreateHumioRepoActionCreateHumioRepoAction.IngestToken, and is useful for accessing the field via an interface. func (v *CreateHumioRepoActionCreateHumioRepoAction) GetIngestToken() string { return v.IngestToken } +// GetLabels returns CreateHumioRepoActionCreateHumioRepoAction.Labels, and is useful for accessing the field via an interface. +func (v *CreateHumioRepoActionCreateHumioRepoAction) GetLabels() []string { return v.Labels } + // CreateHumioRepoActionResponse is returned by CreateHumioRepoAction on success. type CreateHumioRepoActionResponse struct { // Create a LogScale repository action. @@ -2454,9 +2647,12 @@ type CreateOpsGenieActionCreateOpsGenieAction struct { // Key to authenticate with OpsGenie. // Stability: Long-term GenieKey string `json:"genieKey"` - // Defines whether the action should use the configured proxy to make web requests. + // Defines whether the action should use the configured HTTP proxy to send requests. // Stability: Long-term UseProxy bool `json:"useProxy"` + // Labels to categorize the action. + // Stability: Preview + Labels []string `json:"labels"` } // GetId returns CreateOpsGenieActionCreateOpsGenieAction.Id, and is useful for accessing the field via an interface. @@ -2474,6 +2670,9 @@ func (v *CreateOpsGenieActionCreateOpsGenieAction) GetGenieKey() string { return // GetUseProxy returns CreateOpsGenieActionCreateOpsGenieAction.UseProxy, and is useful for accessing the field via an interface. func (v *CreateOpsGenieActionCreateOpsGenieAction) GetUseProxy() bool { return v.UseProxy } +// GetLabels returns CreateOpsGenieActionCreateOpsGenieAction.Labels, and is useful for accessing the field via an interface. +func (v *CreateOpsGenieActionCreateOpsGenieAction) GetLabels() []string { return v.Labels } + // CreateOpsGenieActionResponse is returned by CreateOpsGenieAction on success. type CreateOpsGenieActionResponse struct { // Create an OpsGenie action. @@ -2503,9 +2702,12 @@ type CreatePagerDutyActionCreatePagerDutyAction struct { // Routing key to authenticate with PagerDuty. // Stability: Long-term RoutingKey string `json:"routingKey"` - // Defines whether the action should use the configured proxy to make web requests. + // Defines whether the action should use the configured HTTP proxy to send requests. // Stability: Long-term UseProxy bool `json:"useProxy"` + // Labels to categorize the action. + // Stability: Preview + Labels []string `json:"labels"` } // GetId returns CreatePagerDutyActionCreatePagerDutyAction.Id, and is useful for accessing the field via an interface. @@ -2523,6 +2725,9 @@ func (v *CreatePagerDutyActionCreatePagerDutyAction) GetRoutingKey() string { re // GetUseProxy returns CreatePagerDutyActionCreatePagerDutyAction.UseProxy, and is useful for accessing the field via an interface. func (v *CreatePagerDutyActionCreatePagerDutyAction) GetUseProxy() bool { return v.UseProxy } +// GetLabels returns CreatePagerDutyActionCreatePagerDutyAction.Labels, and is useful for accessing the field via an interface. +func (v *CreatePagerDutyActionCreatePagerDutyAction) GetLabels() []string { return v.Labels } + // CreatePagerDutyActionResponse is returned by CreatePagerDutyAction on success. type CreatePagerDutyActionResponse struct { // Create a PagerDuty action. @@ -2804,6 +3009,87 @@ func (v *CreateRepositoryResponse) GetCreateRepository() CreateRepositoryCreateR return v.CreateRepository } +// CreateS3ActionCreateS3Action includes the requested fields of the GraphQL type S3Action. +// The GraphQL type's documentation follows. +// +// An S3 action +type CreateS3ActionCreateS3Action struct { + // The id of the action. + // Stability: Long-term + Id string `json:"id"` + // The name of the action. + // Stability: Long-term + Name string `json:"name"` + // ARN of the role to be assumed. + // Stability: Long-term + RoleArn string `json:"roleArn"` + // AWS region. For options see: https://docs.aws.amazon.com/general/latest/gr/s3.html + // Stability: Long-term + AwsRegion string `json:"awsRegion"` + // Name of the bucket. + // Stability: Long-term + BucketName string `json:"bucketName"` + // Name of the file(s). You can use most message templates for this. See documentation for S3 action: https://library.humio.com/data-analysis/automated-actions-s3.html + // Stability: Long-term + FileName string `json:"fileName"` + // Output format type for the result. Can be either NDJSON or CSV. + // Stability: Long-term + OutputFormat S3ActionEventOutputFormat `json:"outputFormat"` + // Whether to output metadata for the result. Metadata will be output as a separate JSON file. + // Stability: Long-term + OutputMetadata bool `json:"outputMetadata"` + // Defines whether the action should use the configured HTTP proxy to send requests. + // Stability: Long-term + UseProxy bool `json:"useProxy"` + // Labels to categorize the action. + // Stability: Preview + Labels []string `json:"labels"` +} + +// GetId returns CreateS3ActionCreateS3Action.Id, and is useful for accessing the field via an interface. +func (v *CreateS3ActionCreateS3Action) GetId() string { return v.Id } + +// GetName returns CreateS3ActionCreateS3Action.Name, and is useful for accessing the field via an interface. +func (v *CreateS3ActionCreateS3Action) GetName() string { return v.Name } + +// GetRoleArn returns CreateS3ActionCreateS3Action.RoleArn, and is useful for accessing the field via an interface. +func (v *CreateS3ActionCreateS3Action) GetRoleArn() string { return v.RoleArn } + +// GetAwsRegion returns CreateS3ActionCreateS3Action.AwsRegion, and is useful for accessing the field via an interface. +func (v *CreateS3ActionCreateS3Action) GetAwsRegion() string { return v.AwsRegion } + +// GetBucketName returns CreateS3ActionCreateS3Action.BucketName, and is useful for accessing the field via an interface. +func (v *CreateS3ActionCreateS3Action) GetBucketName() string { return v.BucketName } + +// GetFileName returns CreateS3ActionCreateS3Action.FileName, and is useful for accessing the field via an interface. +func (v *CreateS3ActionCreateS3Action) GetFileName() string { return v.FileName } + +// GetOutputFormat returns CreateS3ActionCreateS3Action.OutputFormat, and is useful for accessing the field via an interface. +func (v *CreateS3ActionCreateS3Action) GetOutputFormat() S3ActionEventOutputFormat { + return v.OutputFormat +} + +// GetOutputMetadata returns CreateS3ActionCreateS3Action.OutputMetadata, and is useful for accessing the field via an interface. +func (v *CreateS3ActionCreateS3Action) GetOutputMetadata() bool { return v.OutputMetadata } + +// GetUseProxy returns CreateS3ActionCreateS3Action.UseProxy, and is useful for accessing the field via an interface. +func (v *CreateS3ActionCreateS3Action) GetUseProxy() bool { return v.UseProxy } + +// GetLabels returns CreateS3ActionCreateS3Action.Labels, and is useful for accessing the field via an interface. +func (v *CreateS3ActionCreateS3Action) GetLabels() []string { return v.Labels } + +// CreateS3ActionResponse is returned by CreateS3Action on success. +type CreateS3ActionResponse struct { + // Create an S3 action. + // Stability: Long-term + CreateS3Action CreateS3ActionCreateS3Action `json:"createS3Action"` +} + +// GetCreateS3Action returns CreateS3ActionResponse.CreateS3Action, and is useful for accessing the field via an interface. +func (v *CreateS3ActionResponse) GetCreateS3Action() CreateS3ActionCreateS3Action { + return v.CreateS3Action +} + // CreateScheduledSearchCreateScheduledSearch includes the requested fields of the GraphQL type ScheduledSearch. // The GraphQL type's documentation follows. // @@ -3222,9 +3508,12 @@ type CreateSlackActionCreateSlackAction struct { // Slack webhook url to send the request to. // Stability: Long-term Url string `json:"url"` - // Defines whether the action should use the configured proxy to make web requests. + // Defines whether the action should use the configured HTTP proxy to send requests. // Stability: Long-term UseProxy bool `json:"useProxy"` + // Labels to categorize the action. + // Stability: Preview + Labels []string `json:"labels"` } // GetId returns CreateSlackActionCreateSlackAction.Id, and is useful for accessing the field via an interface. @@ -3244,6 +3533,9 @@ func (v *CreateSlackActionCreateSlackAction) GetUrl() string { return v.Url } // GetUseProxy returns CreateSlackActionCreateSlackAction.UseProxy, and is useful for accessing the field via an interface. func (v *CreateSlackActionCreateSlackAction) GetUseProxy() bool { return v.UseProxy } +// GetLabels returns CreateSlackActionCreateSlackAction.Labels, and is useful for accessing the field via an interface. +func (v *CreateSlackActionCreateSlackAction) GetLabels() []string { return v.Labels } + // CreateSlackActionCreateSlackActionFieldsSlackFieldEntry includes the requested fields of the GraphQL type SlackFieldEntry. // The GraphQL type's documentation follows. // @@ -3297,9 +3589,12 @@ type CreateSlackPostMessageActionCreateSlackPostMessageAction struct { // Fields to include within the Slack message. Can be templated with values from the result. // Stability: Long-term Fields []CreateSlackPostMessageActionCreateSlackPostMessageActionFieldsSlackFieldEntry `json:"fields"` - // Defines whether the action should use the configured proxy to make web requests. + // Defines whether the action should use the configured HTTP proxy to send requests. // Stability: Long-term UseProxy bool `json:"useProxy"` + // Labels to categorize the action. + // Stability: Preview + Labels []string `json:"labels"` } // GetId returns CreateSlackPostMessageActionCreateSlackPostMessageAction.Id, and is useful for accessing the field via an interface. @@ -3328,6 +3623,11 @@ func (v *CreateSlackPostMessageActionCreateSlackPostMessageAction) GetUseProxy() return v.UseProxy } +// GetLabels returns CreateSlackPostMessageActionCreateSlackPostMessageAction.Labels, and is useful for accessing the field via an interface. +func (v *CreateSlackPostMessageActionCreateSlackPostMessageAction) GetLabels() []string { + return v.Labels +} + // CreateSlackPostMessageActionCreateSlackPostMessageActionFieldsSlackFieldEntry includes the requested fields of the GraphQL type SlackFieldEntry. // The GraphQL type's documentation follows. // @@ -3377,6 +3677,9 @@ type CreateUploadFileActionCreateUploadFileAction struct { // File name for the uploaded file. // Stability: Long-term FileName string `json:"fileName"` + // Labels to categorize the action. + // Stability: Preview + Labels []string `json:"labels"` } // GetId returns CreateUploadFileActionCreateUploadFileAction.Id, and is useful for accessing the field via an interface. @@ -3388,6 +3691,9 @@ func (v *CreateUploadFileActionCreateUploadFileAction) GetName() string { return // GetFileName returns CreateUploadFileActionCreateUploadFileAction.FileName, and is useful for accessing the field via an interface. func (v *CreateUploadFileActionCreateUploadFileAction) GetFileName() string { return v.FileName } +// GetLabels returns CreateUploadFileActionCreateUploadFileAction.Labels, and is useful for accessing the field via an interface. +func (v *CreateUploadFileActionCreateUploadFileAction) GetLabels() []string { return v.Labels } + // CreateUploadFileActionResponse is returned by CreateUploadFileAction on success. type CreateUploadFileActionResponse struct { // Create an upload file action. @@ -3417,9 +3723,12 @@ type CreateVictorOpsActionCreateVictorOpsAction struct { // VictorOps webhook url to send the request to. // Stability: Long-term NotifyUrl string `json:"notifyUrl"` - // Defines whether the action should use the configured proxy to make web requests. + // Defines whether the action should use the configured HTTP proxy to send requests. // Stability: Long-term UseProxy bool `json:"useProxy"` + // Labels to categorize the action. + // Stability: Preview + Labels []string `json:"labels"` } // GetId returns CreateVictorOpsActionCreateVictorOpsAction.Id, and is useful for accessing the field via an interface. @@ -3437,6 +3746,9 @@ func (v *CreateVictorOpsActionCreateVictorOpsAction) GetNotifyUrl() string { ret // GetUseProxy returns CreateVictorOpsActionCreateVictorOpsAction.UseProxy, and is useful for accessing the field via an interface. func (v *CreateVictorOpsActionCreateVictorOpsAction) GetUseProxy() bool { return v.UseProxy } +// GetLabels returns CreateVictorOpsActionCreateVictorOpsAction.Labels, and is useful for accessing the field via an interface. +func (v *CreateVictorOpsActionCreateVictorOpsAction) GetLabels() []string { return v.Labels } + // CreateVictorOpsActionResponse is returned by CreateVictorOpsAction on success. type CreateVictorOpsActionResponse struct { // Create a VictorOps action. @@ -3496,9 +3808,12 @@ type CreateWebhookActionCreateWebhookAction struct { // Flag indicating whether SSL should be ignored for the request. // Stability: Long-term IgnoreSSL bool `json:"ignoreSSL"` - // Defines whether the action should use the configured proxy to make web requests. + // Defines whether the action should use the configured HTTP proxy to send requests. // Stability: Long-term UseProxy bool `json:"useProxy"` + // Labels to categorize the action. + // Stability: Preview + Labels []string `json:"labels"` } // GetId returns CreateWebhookActionCreateWebhookAction.Id, and is useful for accessing the field via an interface. @@ -3527,6 +3842,9 @@ func (v *CreateWebhookActionCreateWebhookAction) GetIgnoreSSL() bool { return v. // GetUseProxy returns CreateWebhookActionCreateWebhookAction.UseProxy, and is useful for accessing the field via an interface. func (v *CreateWebhookActionCreateWebhookAction) GetUseProxy() bool { return v.UseProxy } +// GetLabels returns CreateWebhookActionCreateWebhookAction.Labels, and is useful for accessing the field via an interface. +func (v *CreateWebhookActionCreateWebhookAction) GetLabels() []string { return v.Labels } + // CreateWebhookActionCreateWebhookActionHeadersHttpHeaderEntry includes the requested fields of the GraphQL type HttpHeaderEntry. // The GraphQL type's documentation follows. // @@ -3565,7 +3883,6 @@ func (v *CreateWebhookActionResponse) GetCreateWebhookAction() CreateWebhookActi // DeleteActionByIDResponse is returned by DeleteActionByID on success. type DeleteActionByIDResponse struct { // Delete an action. - // Stability: Long-term DeleteAction bool `json:"deleteAction"` } @@ -3575,7 +3892,6 @@ func (v *DeleteActionByIDResponse) GetDeleteAction() bool { return v.DeleteActio // DeleteAggregateAlertResponse is returned by DeleteAggregateAlert on success. type DeleteAggregateAlertResponse struct { // Delete an aggregate alert. - // Stability: Long-term DeleteAggregateAlert bool `json:"deleteAggregateAlert"` } @@ -3585,7 +3901,6 @@ func (v *DeleteAggregateAlertResponse) GetDeleteAggregateAlert() bool { return v // DeleteAlertResponse is returned by DeleteAlert on success. type DeleteAlertResponse struct { // Delete an alert. - // Stability: Long-term DeleteAlert bool `json:"deleteAlert"` } @@ -3595,7 +3910,6 @@ func (v *DeleteAlertResponse) GetDeleteAlert() bool { return v.DeleteAlert } // DeleteFilterAlertResponse is returned by DeleteFilterAlert on success. type DeleteFilterAlertResponse struct { // Delete a filter alert. - // Stability: Long-term DeleteFilterAlert bool `json:"deleteFilterAlert"` } @@ -3613,7 +3927,6 @@ func (v *DeleteParserByIDDeleteParserBooleanResultType) GetTypename() *string { // DeleteParserByIDResponse is returned by DeleteParserByID on success. type DeleteParserByIDResponse struct { // Delete a parser. - // Stability: Long-term DeleteParser DeleteParserByIDDeleteParserBooleanResultType `json:"deleteParser"` } @@ -3625,7 +3938,6 @@ func (v *DeleteParserByIDResponse) GetDeleteParser() DeleteParserByIDDeleteParse // DeleteScheduledSearchByIDResponse is returned by DeleteScheduledSearchByID on success. type DeleteScheduledSearchByIDResponse struct { // Delete a scheduled search. - // Stability: Long-term DeleteScheduledSearch bool `json:"deleteScheduledSearch"` } @@ -3637,7 +3949,6 @@ func (v *DeleteScheduledSearchByIDResponse) GetDeleteScheduledSearch() bool { // DeleteScheduledSearchV2ByIDResponse is returned by DeleteScheduledSearchV2ByID on success. type DeleteScheduledSearchV2ByIDResponse struct { // Delete a scheduled search. - // Stability: Long-term DeleteScheduledSearch bool `json:"deleteScheduledSearch"` } @@ -3790,9 +4101,6 @@ const ( // Enable repeating queries. Can be used instead of live queries for functions having limitations around live queries. // Stability: Preview FeatureFlagRepeatingqueries FeatureFlag = "RepeatingQueries" - // Enable custom ingest tokens not generated by LogScale. - // Stability: Preview - FeatureFlagCustomingesttokens FeatureFlag = "CustomIngestTokens" // Use new organization limits. // Stability: Preview FeatureFlagNeworganizationlimits FeatureFlag = "NewOrganizationLimits" @@ -3800,6 +4108,10 @@ const ( // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. // Stability: Preview FeatureFlagArrayfunctions FeatureFlag = "ArrayFunctions" + // Enable query profiling functions in the query language. + // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + // Stability: Preview + FeatureFlagQueryprofiler FeatureFlag = "QueryProfiler" // Enable geography functions in query language. // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. // Stability: Preview @@ -3842,74 +4154,64 @@ const ( // Enables ephemeral hosts support for fleet management // Stability: Preview FeatureFlagFleetephemeralhosts FeatureFlag = "FleetEphemeralHosts" - // Prevents the archiving logic from splitting segments into multiple archived files based on their tag groups - // Stability: Preview - FeatureFlagDontsplitsegmentsforarchiving FeatureFlag = "DontSplitSegmentsForArchiving" // Enables fleet management collector metrics // Stability: Preview FeatureFlagFleetcollectormetrics FeatureFlag = "FleetCollectorMetrics" - // No currentHosts writes for segments in buckets - // Stability: Preview - FeatureFlagNocurrentsforbucketsegments FeatureFlag = "NoCurrentsForBucketSegments" // Force a refresh of ClusterManagementStats cache before calculating UnregisterNodeBlockers in clusterUnregisterNode mutation // Stability: Preview FeatureFlagRefreshclustermanagementstatsinunregisternode FeatureFlag = "RefreshClusterManagementStatsInUnregisterNode" - // Pre-merge mini-segments - // Stability: Preview - FeatureFlagPremergeminisegments FeatureFlag = "PreMergeMiniSegments" - // Use new store for Autosharding rules - // Stability: Preview - FeatureFlagNewautoshardrulestore FeatureFlag = "NewAutoshardRuleStore" // Use a new segment file format on write - not readable by older versions // Stability: Preview FeatureFlagWritenewsegmentfileformat FeatureFlag = "WriteNewSegmentFileFormat" - // When using the new segment file format on write, also do the old solely for comparison - // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. - // Stability: Preview - FeatureFlagMeasurenewsegmentfileformat FeatureFlag = "MeasureNewSegmentFileFormat" // Enables fleet management collector debug logging // Stability: Preview FeatureFlagFleetcollectordebuglogging FeatureFlag = "FleetCollectorDebugLogging" - // Resolve field names during codegen rather than for every event - // Stability: Preview - FeatureFlagResolvefieldscodegen FeatureFlag = "ResolveFieldsCodeGen" // Enables LogScale Collector remote updates // Stability: Preview FeatureFlagFleetremoteupdates FeatureFlag = "FleetRemoteUpdates" - // Enables alternate query merge target handling - // Stability: Preview - FeatureFlagAlternatequerymergetargethandling FeatureFlag = "AlternateQueryMergeTargetHandling" - // Allow digesters to start without having all the minis for the current merge target. Requires the AlternateQueryMergeTargetHandling feature flag to be enabled - // Stability: Preview - FeatureFlagDigestersdontneedmergetargetminis FeatureFlag = "DigestersDontNeedMergeTargetMinis" // Enables labels for fleet management - // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. // Stability: Preview FeatureFlagFleetlabels FeatureFlag = "FleetLabels" - // Segment rebalancer handles mini segments. Can only take effect when the AlternateQueryMergeTargetHandling and DigestersDontNeedMergeTargetMinis feature flags are also enabled - // Stability: Preview - FeatureFlagSegmentrebalancerhandlesminis FeatureFlag = "SegmentRebalancerHandlesMinis" // Enables dashboards on fleet overview page - // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. // Stability: Preview FeatureFlagFleetoverviewdashboards FeatureFlag = "FleetOverviewDashboards" - // Enables archiving for Google Cloud Storage - // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + // Enables fleet management dashboards page // Stability: Preview - FeatureFlagGooglecloudarchiving FeatureFlag = "GoogleCloudArchiving" + FeatureFlagFleetdashboardspage FeatureFlag = "FleetDashboardsPage" // Enables TablePage UI on fleet management pages. // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. // Stability: Preview FeatureFlagFleettablepageui FeatureFlag = "FleetTablePageUI" - // Disables periodic ingestOffset pushing for datasources in favor of alternate handling + // Enables migration of fleet metrics + // Stability: Preview + FeatureFlagFleetmetricsmigration FeatureFlag = "FleetMetricsMigration" + // Enables cache for LC-update + // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + // Stability: Preview + FeatureFlagEnablelcupdatecache FeatureFlag = "EnableLcUpdateCache" + // Use collector ID instead of machine ID + // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + // Stability: Preview + FeatureFlagSwitchtocollectoridovermachineid FeatureFlag = "SwitchToCollectorIdOverMachineId" + // Enables a locking mechanism to prevent segment races + // Stability: Preview + FeatureFlagLockingmechanismforsegmentraces FeatureFlag = "LockingMechanismForSegmentRaces" + // Will add an additional header value to kafka messages containing derived tags + // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + // Stability: Preview + FeatureFlagAddderivedtagstokafkaheaders FeatureFlag = "AddDerivedTagsToKafkaHeaders" + // Do not fetch segments upon digest startup // Stability: Preview - FeatureFlagReplaceperiodicingestoffsetpushing FeatureFlag = "ReplacePeriodicIngestOffsetPushing" - // Lets the cluster know that non-evicted nodes undergoing a graceful shutdown should be considered alive for 5 minutes with regards to segment rebalancing + FeatureFlagZerofetchdigest FeatureFlag = "ZeroFetchDigest" + // Use CrowdStrike Query Language Editor (CodeMirror 6) instead of Monaco for query editor // Stability: Preview - FeatureFlagSetconsideredaliveuntilongracefulshutdown FeatureFlag = "SetConsideredAliveUntilOnGracefulShutdown" - // Enables Field Aliasing + FeatureFlagCrowdstrikequerylanguageeditor FeatureFlag = "CrowdStrikeQueryLanguageEditor" + // Enables complete state caching // Stability: Preview - FeatureFlagFieldaliasing FeatureFlag = "FieldAliasing" + FeatureFlagEnablecompletestatecache FeatureFlag = "EnableCompleteStateCache" + // Enable periodically snapshotting state of live queries on workers + // Stability: Preview + FeatureFlagPeriodicallysnapshothistoricstate FeatureFlag = "PeriodicallySnapshotHistoricState" // External Functions // THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. // Stability: Preview @@ -3922,20 +4224,17 @@ const ( // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. // Stability: Preview FeatureFlagFlightcontrol FeatureFlag = "FlightControl" - // Enables a limit on query backtracking - // Stability: Preview - FeatureFlagQuerybacktrackinglimit FeatureFlag = "QueryBacktrackingLimit" // Adds a derived #repo.cid tag when searching in views or dataspaces within an organization with an associated CID // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. // Stability: Preview FeatureFlagDerivedcidtag FeatureFlag = "DerivedCidTag" - // Live tables - // Stability: Preview - FeatureFlagLivetables FeatureFlag = "LiveTables" // Enables graph queries - // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. // Stability: Preview FeatureFlagGraphqueries FeatureFlag = "GraphQueries" + // Enables aggregations for correlate + // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + // Stability: Preview + FeatureFlagCorrelateaggregations FeatureFlag = "CorrelateAggregations" // Enables the MITRE Detection Annotation function // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. // Stability: Preview @@ -3950,34 +4249,110 @@ const ( // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. // Stability: Preview FeatureFlagOnetomanygroupsynchronization FeatureFlag = "OneToManyGroupSynchronization" - // Enables support specifying the query time interval using the query function setTimeInterval() - // Stability: Preview - FeatureFlagTimeintervalinquery FeatureFlag = "TimeIntervalInQuery" // Enables LLM parser generation // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. // Stability: Preview FeatureFlagLlmparsergeneration FeatureFlag = "LlmParserGeneration" - // Enables the external data source sync job to sync entity data + // Enables enriched parsers and handling enrichment headers in the HEC endpointThis flag has higher precedence than TestOnlyForceEnableXEnrichment flags // THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. // Stability: Preview - FeatureFlagExternaldatasourcesyncforentity FeatureFlag = "ExternalDataSourceSyncForEntity" - // Enables the external data source sync job to sync identity data + FeatureFlagEnrichedparsers FeatureFlag = "EnrichedParsers" + // TO BE USED IN TEST ENVIRONMENTS ONLY: Enables HostEnrichment for all requests to the HEC Ingest endpoint,regardless of whether it was included in requested enrichmentsThis flag has lower precedence than EnrichedParsers flag // THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. // Stability: Preview - FeatureFlagExternaldatasourcesyncforidentity FeatureFlag = "ExternalDataSourceSyncForIdentity" - // Use the new query coordination partition logic. + FeatureFlagTestonlyforceenablehostenrichment FeatureFlag = "TestOnlyForceEnableHostEnrichment" + // TO BE USED IN TEST ENVIRONMENTS ONLY: Enables MitreEnrichment for all requests to the HEC Ingest endpoint,regardless of whether it was included in requested enrichmentsThis flag has lower precedence than EnrichedParsers flag + // THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. // Stability: Preview - FeatureFlagUsenewquerycoordinationpartitions FeatureFlag = "UseNewQueryCoordinationPartitions" - // Use the new sort, head, tail, and table datastructure + FeatureFlagTestonlyforceenablemitreenrichment FeatureFlag = "TestOnlyForceEnableMitreEnrichment" + // TO BE USED IN TEST ENVIRONMENTS ONLY: Enables UserEnrichment for all requests to the HEC Ingest endpoint,regardless of whether it was included in requested enrichmentsThis flag has lower precedence than EnrichedParsers flag + // THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + // Stability: Preview + FeatureFlagTestonlyforceenableuserenrichment FeatureFlag = "TestOnlyForceEnableUserEnrichment" + // Enables the external data source sync job to sync entity data + // THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + // Stability: Preview + FeatureFlagExternaldatasourcesyncforentity FeatureFlag = "ExternalDataSourceSyncForEntity" + // Enables the external data source sync job to sync identity data + // THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + // Stability: Preview + FeatureFlagExternaldatasourcesyncforidentity FeatureFlag = "ExternalDataSourceSyncForIdentity" + // Enables the external data source sync job to sync ip and hostname entity data + // THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + // Stability: Preview + FeatureFlagExternaldatasourcesynchostsbyipandname FeatureFlag = "ExternalDataSourceSyncHostsByIpAndName" + // Use the new sort, head, tail, and table datastructure // Stability: Preview FeatureFlagSortnewdatastructure FeatureFlag = "SortNewDatastructure" + // Enable the new Bale format lookup file infrastructure + // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + // Stability: Preview + FeatureFlagEnablebalelookupfileinfrastructure FeatureFlag = "EnableBaleLookupFileInfrastructure" + // Disable the old CSV/JSON format lookup file infrastructure + // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + // Stability: Preview + FeatureFlagDisablecsvjsonlookupfileinfrastructure FeatureFlag = "DisableCsvJsonLookupFileInfrastructure" + // Enables integration with LogScale Assets Resolution Service (LARS) + // THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + // Stability: Preview + FeatureFlagLogscaleassetsresolutionservice FeatureFlag = "LogScaleAssetsResolutionService" + // Apply permission assignments from user info claim. + // Stability: Preview + FeatureFlagPermissionsclaimfromuserinfo FeatureFlag = "PermissionsClaimFromUserInfo" + // Always log which groups are in group claim when authenticating. + // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + // Stability: Preview + FeatureFlagGroupclaimlogging FeatureFlag = "GroupClaimLogging" + // Attaches a header to Ingest Queue records to indicate that the message can be forwarded by Kafka Egress Service + // THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + // Stability: Preview + FeatureFlagKafkaegresseventforwardingenabled FeatureFlag = "KafkaEgressEventForwardingEnabled" + // Skips LogScale event forwarding for records that will instead be forwarded by Kafka Egress Service + // THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + // Stability: Preview + FeatureFlagLogscaleeventforwardingdisabled FeatureFlag = "LogScaleEventForwardingDisabled" + // Applies access scope from from JWT claim + // Stability: Preview + FeatureFlagJwtaccessscope FeatureFlag = "JWTAccessScope" + // Allows LogScale to fetch lookup tables from a remote source + // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + // Stability: Preview + FeatureFlagRemotetable FeatureFlag = "RemoteTable" + // Enables enhanced schema validation for parsers. Enabling this may produce additional validation errors that were not previously observed + // Stability: Preview + FeatureFlagEnhancedschemavalidation FeatureFlag = "EnhancedSchemaValidation" + // Uses calculated, in-memory owner hosts for segments instead of storing this information in Global + // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + // Stability: Preview + FeatureFlagUseinmemorysegmentownerhosts FeatureFlag = "UseInMemorySegmentOwnerHosts" + // Enables Bulk Actions feature for Asset Management Pages + // Stability: Preview + FeatureFlagBulkactions FeatureFlag = "BulkActions" + // Adds the #repo.cid tag, if it exists, as a kafka header when events are forwarded. This requires the DerivedCidTag to be enabled too. + // THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + // Stability: Preview + FeatureFlagCidheaderineventforwarderrecord FeatureFlag = "CidHeaderInEventForwarderRecord" + // Allow for falcon analysts to generate query explanations + // THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + // Stability: Preview + FeatureFlagGeneratequeryexplanations FeatureFlag = "GenerateQueryExplanations" + // Keeps hash files for a segment instead of deleting them, so it can be reused for queries + // Stability: Preview + FeatureFlagKeepsegmenthashfiles FeatureFlag = "KeepSegmentHashFiles" + // Layout and design changes for the Search view component + // THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + // Stability: Preview + FeatureFlagSearchviewdesignchanges FeatureFlag = "SearchViewDesignChanges" + // Switch to new queuing code for file transfers + // Stability: Preview + FeatureFlagNewfiletransferqueuing FeatureFlag = "NewFileTransferQueuing" ) // Asserts that a given field has an expected value after having been parsed. type FieldHasValueInput struct { - // Asserts that a given field has an expected value after having been parsed. + // Field to assert on. FieldName string `json:"fieldName"` - // Asserts that a given field has an expected value after having been parsed. + // Value expected to be contained in the field. ExpectedValue string `json:"expectedValue"` } @@ -4188,6 +4563,7 @@ func (v *FilterAlertDetails) __premarshalJSON() (*__premarshalFilterAlertDetails // FilterAlertDetailsActionsHumioRepoAction // FilterAlertDetailsActionsOpsGenieAction // FilterAlertDetailsActionsPagerDutyAction +// FilterAlertDetailsActionsS3Action // FilterAlertDetailsActionsSlackAction // FilterAlertDetailsActionsSlackPostMessageAction // FilterAlertDetailsActionsUploadFileAction @@ -4203,7 +4579,8 @@ type FilterAlertDetailsActionsAction interface { // GetName returns the interface-field "name" from its implementation. // The GraphQL interface field's documentation follows. // - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term GetName() string } @@ -4215,6 +4592,8 @@ func (v *FilterAlertDetailsActionsOpsGenieAction) implementsGraphQLInterfaceFilt } func (v *FilterAlertDetailsActionsPagerDutyAction) implementsGraphQLInterfaceFilterAlertDetailsActionsAction() { } +func (v *FilterAlertDetailsActionsS3Action) implementsGraphQLInterfaceFilterAlertDetailsActionsAction() { +} func (v *FilterAlertDetailsActionsSlackAction) implementsGraphQLInterfaceFilterAlertDetailsActionsAction() { } func (v *FilterAlertDetailsActionsSlackPostMessageAction) implementsGraphQLInterfaceFilterAlertDetailsActionsAction() { @@ -4252,6 +4631,9 @@ func __unmarshalFilterAlertDetailsActionsAction(b []byte, v *FilterAlertDetailsA case "PagerDutyAction": *v = new(FilterAlertDetailsActionsPagerDutyAction) return json.Unmarshal(b, *v) + case "S3Action": + *v = new(FilterAlertDetailsActionsS3Action) + return json.Unmarshal(b, *v) case "SlackAction": *v = new(FilterAlertDetailsActionsSlackAction) return json.Unmarshal(b, *v) @@ -4312,6 +4694,14 @@ func __marshalFilterAlertDetailsActionsAction(v *FilterAlertDetailsActionsAction *FilterAlertDetailsActionsPagerDutyAction }{typename, v} return json.Marshal(result) + case *FilterAlertDetailsActionsS3Action: + typename = "S3Action" + + result := struct { + TypeName string `json:"__typename"` + *FilterAlertDetailsActionsS3Action + }{typename, v} + return json.Marshal(result) case *FilterAlertDetailsActionsSlackAction: typename = "SlackAction" @@ -4366,7 +4756,8 @@ func __marshalFilterAlertDetailsActionsAction(v *FilterAlertDetailsActionsAction // An email action. type FilterAlertDetailsActionsEmailAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -4382,7 +4773,8 @@ func (v *FilterAlertDetailsActionsEmailAction) GetName() string { return v.Name // A LogScale repository action. type FilterAlertDetailsActionsHumioRepoAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -4398,7 +4790,8 @@ func (v *FilterAlertDetailsActionsHumioRepoAction) GetName() string { return v.N // An OpsGenie action type FilterAlertDetailsActionsOpsGenieAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -4414,7 +4807,8 @@ func (v *FilterAlertDetailsActionsOpsGenieAction) GetName() string { return v.Na // A PagerDuty action. type FilterAlertDetailsActionsPagerDutyAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -4424,13 +4818,31 @@ func (v *FilterAlertDetailsActionsPagerDutyAction) GetTypename() *string { retur // GetName returns FilterAlertDetailsActionsPagerDutyAction.Name, and is useful for accessing the field via an interface. func (v *FilterAlertDetailsActionsPagerDutyAction) GetName() string { return v.Name } +// FilterAlertDetailsActionsS3Action includes the requested fields of the GraphQL type S3Action. +// The GraphQL type's documentation follows. +// +// An S3 action +type FilterAlertDetailsActionsS3Action struct { + Typename *string `json:"__typename"` + // The name of the action. + // Stability: Long-term + Name string `json:"name"` +} + +// GetTypename returns FilterAlertDetailsActionsS3Action.Typename, and is useful for accessing the field via an interface. +func (v *FilterAlertDetailsActionsS3Action) GetTypename() *string { return v.Typename } + +// GetName returns FilterAlertDetailsActionsS3Action.Name, and is useful for accessing the field via an interface. +func (v *FilterAlertDetailsActionsS3Action) GetName() string { return v.Name } + // FilterAlertDetailsActionsSlackAction includes the requested fields of the GraphQL type SlackAction. // The GraphQL type's documentation follows. // // A Slack action type FilterAlertDetailsActionsSlackAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -4446,7 +4858,8 @@ func (v *FilterAlertDetailsActionsSlackAction) GetName() string { return v.Name // A slack post-message action. type FilterAlertDetailsActionsSlackPostMessageAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -4462,7 +4875,8 @@ func (v *FilterAlertDetailsActionsSlackPostMessageAction) GetName() string { ret // An upload file action. type FilterAlertDetailsActionsUploadFileAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -4478,7 +4892,8 @@ func (v *FilterAlertDetailsActionsUploadFileAction) GetName() string { return v. // A VictorOps action. type FilterAlertDetailsActionsVictorOpsAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -4494,7 +4909,8 @@ func (v *FilterAlertDetailsActionsVictorOpsAction) GetName() string { return v.N // A webhook action type FilterAlertDetailsActionsWebhookAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -4591,7 +5007,8 @@ type GetActionByIDSearchDomain interface { // GetAction returns the interface-field "action" from its implementation. // The GraphQL interface field's documentation follows. // - // Common interface for Repositories and Views. + // A saved action. + // Stability: Long-term GetAction() GetActionByIDSearchDomainAction } @@ -4670,6 +5087,7 @@ func __marshalGetActionByIDSearchDomain(v *GetActionByIDSearchDomain) ([]byte, e // GetActionByIDSearchDomainActionHumioRepoAction // GetActionByIDSearchDomainActionOpsGenieAction // GetActionByIDSearchDomainActionPagerDutyAction +// GetActionByIDSearchDomainActionS3Action // GetActionByIDSearchDomainActionSlackAction // GetActionByIDSearchDomainActionSlackPostMessageAction // GetActionByIDSearchDomainActionUploadFileAction @@ -4693,6 +5111,8 @@ func (v *GetActionByIDSearchDomainActionOpsGenieAction) implementsGraphQLInterfa } func (v *GetActionByIDSearchDomainActionPagerDutyAction) implementsGraphQLInterfaceGetActionByIDSearchDomainAction() { } +func (v *GetActionByIDSearchDomainActionS3Action) implementsGraphQLInterfaceGetActionByIDSearchDomainAction() { +} func (v *GetActionByIDSearchDomainActionSlackAction) implementsGraphQLInterfaceGetActionByIDSearchDomainAction() { } func (v *GetActionByIDSearchDomainActionSlackPostMessageAction) implementsGraphQLInterfaceGetActionByIDSearchDomainAction() { @@ -4730,6 +5150,9 @@ func __unmarshalGetActionByIDSearchDomainAction(b []byte, v *GetActionByIDSearch case "PagerDutyAction": *v = new(GetActionByIDSearchDomainActionPagerDutyAction) return json.Unmarshal(b, *v) + case "S3Action": + *v = new(GetActionByIDSearchDomainActionS3Action) + return json.Unmarshal(b, *v) case "SlackAction": *v = new(GetActionByIDSearchDomainActionSlackAction) return json.Unmarshal(b, *v) @@ -4806,6 +5229,18 @@ func __marshalGetActionByIDSearchDomainAction(v *GetActionByIDSearchDomainAction *__premarshalGetActionByIDSearchDomainActionPagerDutyAction }{typename, premarshaled} return json.Marshal(result) + case *GetActionByIDSearchDomainActionS3Action: + typename = "S3Action" + + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalGetActionByIDSearchDomainActionS3Action + }{typename, premarshaled} + return json.Marshal(result) case *GetActionByIDSearchDomainActionSlackAction: typename = "SlackAction" @@ -4916,6 +5351,11 @@ func (v *GetActionByIDSearchDomainActionEmailAction) GetUseProxy() bool { return v.ActionDetailsEmailAction.UseProxy } +// GetLabels returns GetActionByIDSearchDomainActionEmailAction.Labels, and is useful for accessing the field via an interface. +func (v *GetActionByIDSearchDomainActionEmailAction) GetLabels() []string { + return v.ActionDetailsEmailAction.Labels +} + func (v *GetActionByIDSearchDomainActionEmailAction) UnmarshalJSON(b []byte) error { if string(b) == "null" { @@ -4955,6 +5395,8 @@ type __premarshalGetActionByIDSearchDomainActionEmailAction struct { EmailBodyTemplate *string `json:"emailBodyTemplate"` UseProxy bool `json:"useProxy"` + + Labels []string `json:"labels"` } func (v *GetActionByIDSearchDomainActionEmailAction) MarshalJSON() ([]byte, error) { @@ -4975,6 +5417,7 @@ func (v *GetActionByIDSearchDomainActionEmailAction) __premarshalJSON() (*__prem retval.SubjectTemplate = v.ActionDetailsEmailAction.SubjectTemplate retval.EmailBodyTemplate = v.ActionDetailsEmailAction.EmailBodyTemplate retval.UseProxy = v.ActionDetailsEmailAction.UseProxy + retval.Labels = v.ActionDetailsEmailAction.Labels return &retval, nil } @@ -5005,6 +5448,11 @@ func (v *GetActionByIDSearchDomainActionHumioRepoAction) GetIngestToken() string return v.ActionDetailsHumioRepoAction.IngestToken } +// GetLabels returns GetActionByIDSearchDomainActionHumioRepoAction.Labels, and is useful for accessing the field via an interface. +func (v *GetActionByIDSearchDomainActionHumioRepoAction) GetLabels() []string { + return v.ActionDetailsHumioRepoAction.Labels +} + func (v *GetActionByIDSearchDomainActionHumioRepoAction) UnmarshalJSON(b []byte) error { if string(b) == "null" { @@ -5038,6 +5486,8 @@ type __premarshalGetActionByIDSearchDomainActionHumioRepoAction struct { Name string `json:"name"` IngestToken string `json:"ingestToken"` + + Labels []string `json:"labels"` } func (v *GetActionByIDSearchDomainActionHumioRepoAction) MarshalJSON() ([]byte, error) { @@ -5055,6 +5505,7 @@ func (v *GetActionByIDSearchDomainActionHumioRepoAction) __premarshalJSON() (*__ retval.Id = v.ActionDetailsHumioRepoAction.Id retval.Name = v.ActionDetailsHumioRepoAction.Name retval.IngestToken = v.ActionDetailsHumioRepoAction.IngestToken + retval.Labels = v.ActionDetailsHumioRepoAction.Labels return &retval, nil } @@ -5095,6 +5546,11 @@ func (v *GetActionByIDSearchDomainActionOpsGenieAction) GetUseProxy() bool { return v.ActionDetailsOpsGenieAction.UseProxy } +// GetLabels returns GetActionByIDSearchDomainActionOpsGenieAction.Labels, and is useful for accessing the field via an interface. +func (v *GetActionByIDSearchDomainActionOpsGenieAction) GetLabels() []string { + return v.ActionDetailsOpsGenieAction.Labels +} + func (v *GetActionByIDSearchDomainActionOpsGenieAction) UnmarshalJSON(b []byte) error { if string(b) == "null" { @@ -5132,6 +5588,8 @@ type __premarshalGetActionByIDSearchDomainActionOpsGenieAction struct { GenieKey string `json:"genieKey"` UseProxy bool `json:"useProxy"` + + Labels []string `json:"labels"` } func (v *GetActionByIDSearchDomainActionOpsGenieAction) MarshalJSON() ([]byte, error) { @@ -5151,6 +5609,7 @@ func (v *GetActionByIDSearchDomainActionOpsGenieAction) __premarshalJSON() (*__p retval.ApiUrl = v.ActionDetailsOpsGenieAction.ApiUrl retval.GenieKey = v.ActionDetailsOpsGenieAction.GenieKey retval.UseProxy = v.ActionDetailsOpsGenieAction.UseProxy + retval.Labels = v.ActionDetailsOpsGenieAction.Labels return &retval, nil } @@ -5191,6 +5650,11 @@ func (v *GetActionByIDSearchDomainActionPagerDutyAction) GetUseProxy() bool { return v.ActionDetailsPagerDutyAction.UseProxy } +// GetLabels returns GetActionByIDSearchDomainActionPagerDutyAction.Labels, and is useful for accessing the field via an interface. +func (v *GetActionByIDSearchDomainActionPagerDutyAction) GetLabels() []string { + return v.ActionDetailsPagerDutyAction.Labels +} + func (v *GetActionByIDSearchDomainActionPagerDutyAction) UnmarshalJSON(b []byte) error { if string(b) == "null" { @@ -5228,6 +5692,8 @@ type __premarshalGetActionByIDSearchDomainActionPagerDutyAction struct { RoutingKey string `json:"routingKey"` UseProxy bool `json:"useProxy"` + + Labels []string `json:"labels"` } func (v *GetActionByIDSearchDomainActionPagerDutyAction) MarshalJSON() ([]byte, error) { @@ -5247,6 +5713,141 @@ func (v *GetActionByIDSearchDomainActionPagerDutyAction) __premarshalJSON() (*__ retval.Severity = v.ActionDetailsPagerDutyAction.Severity retval.RoutingKey = v.ActionDetailsPagerDutyAction.RoutingKey retval.UseProxy = v.ActionDetailsPagerDutyAction.UseProxy + retval.Labels = v.ActionDetailsPagerDutyAction.Labels + return &retval, nil +} + +// GetActionByIDSearchDomainActionS3Action includes the requested fields of the GraphQL type S3Action. +// The GraphQL type's documentation follows. +// +// An S3 action +type GetActionByIDSearchDomainActionS3Action struct { + Typename *string `json:"__typename"` + ActionDetailsS3Action `json:"-"` +} + +// GetTypename returns GetActionByIDSearchDomainActionS3Action.Typename, and is useful for accessing the field via an interface. +func (v *GetActionByIDSearchDomainActionS3Action) GetTypename() *string { return v.Typename } + +// GetId returns GetActionByIDSearchDomainActionS3Action.Id, and is useful for accessing the field via an interface. +func (v *GetActionByIDSearchDomainActionS3Action) GetId() string { return v.ActionDetailsS3Action.Id } + +// GetName returns GetActionByIDSearchDomainActionS3Action.Name, and is useful for accessing the field via an interface. +func (v *GetActionByIDSearchDomainActionS3Action) GetName() string { + return v.ActionDetailsS3Action.Name +} + +// GetRoleArn returns GetActionByIDSearchDomainActionS3Action.RoleArn, and is useful for accessing the field via an interface. +func (v *GetActionByIDSearchDomainActionS3Action) GetRoleArn() string { + return v.ActionDetailsS3Action.RoleArn +} + +// GetAwsRegion returns GetActionByIDSearchDomainActionS3Action.AwsRegion, and is useful for accessing the field via an interface. +func (v *GetActionByIDSearchDomainActionS3Action) GetAwsRegion() string { + return v.ActionDetailsS3Action.AwsRegion +} + +// GetBucketName returns GetActionByIDSearchDomainActionS3Action.BucketName, and is useful for accessing the field via an interface. +func (v *GetActionByIDSearchDomainActionS3Action) GetBucketName() string { + return v.ActionDetailsS3Action.BucketName +} + +// GetFileName returns GetActionByIDSearchDomainActionS3Action.FileName, and is useful for accessing the field via an interface. +func (v *GetActionByIDSearchDomainActionS3Action) GetFileName() string { + return v.ActionDetailsS3Action.FileName +} + +// GetOutputFormat returns GetActionByIDSearchDomainActionS3Action.OutputFormat, and is useful for accessing the field via an interface. +func (v *GetActionByIDSearchDomainActionS3Action) GetOutputFormat() S3ActionEventOutputFormat { + return v.ActionDetailsS3Action.OutputFormat +} + +// GetOutputMetadata returns GetActionByIDSearchDomainActionS3Action.OutputMetadata, and is useful for accessing the field via an interface. +func (v *GetActionByIDSearchDomainActionS3Action) GetOutputMetadata() bool { + return v.ActionDetailsS3Action.OutputMetadata +} + +// GetUseProxy returns GetActionByIDSearchDomainActionS3Action.UseProxy, and is useful for accessing the field via an interface. +func (v *GetActionByIDSearchDomainActionS3Action) GetUseProxy() bool { + return v.ActionDetailsS3Action.UseProxy +} + +// GetLabels returns GetActionByIDSearchDomainActionS3Action.Labels, and is useful for accessing the field via an interface. +func (v *GetActionByIDSearchDomainActionS3Action) GetLabels() []string { + return v.ActionDetailsS3Action.Labels +} + +func (v *GetActionByIDSearchDomainActionS3Action) UnmarshalJSON(b []byte) error { + + if string(b) == "null" { + return nil + } + + var firstPass struct { + *GetActionByIDSearchDomainActionS3Action + graphql.NoUnmarshalJSON + } + firstPass.GetActionByIDSearchDomainActionS3Action = v + + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } + + err = json.Unmarshal( + b, &v.ActionDetailsS3Action) + if err != nil { + return err + } + return nil +} + +type __premarshalGetActionByIDSearchDomainActionS3Action struct { + Typename *string `json:"__typename"` + + Id string `json:"id"` + + Name string `json:"name"` + + RoleArn string `json:"roleArn"` + + AwsRegion string `json:"awsRegion"` + + BucketName string `json:"bucketName"` + + FileName string `json:"fileName"` + + OutputFormat S3ActionEventOutputFormat `json:"outputFormat"` + + OutputMetadata bool `json:"outputMetadata"` + + UseProxy bool `json:"useProxy"` + + Labels []string `json:"labels"` +} + +func (v *GetActionByIDSearchDomainActionS3Action) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) +} + +func (v *GetActionByIDSearchDomainActionS3Action) __premarshalJSON() (*__premarshalGetActionByIDSearchDomainActionS3Action, error) { + var retval __premarshalGetActionByIDSearchDomainActionS3Action + + retval.Typename = v.Typename + retval.Id = v.ActionDetailsS3Action.Id + retval.Name = v.ActionDetailsS3Action.Name + retval.RoleArn = v.ActionDetailsS3Action.RoleArn + retval.AwsRegion = v.ActionDetailsS3Action.AwsRegion + retval.BucketName = v.ActionDetailsS3Action.BucketName + retval.FileName = v.ActionDetailsS3Action.FileName + retval.OutputFormat = v.ActionDetailsS3Action.OutputFormat + retval.OutputMetadata = v.ActionDetailsS3Action.OutputMetadata + retval.UseProxy = v.ActionDetailsS3Action.UseProxy + retval.Labels = v.ActionDetailsS3Action.Labels return &retval, nil } @@ -5287,6 +5888,11 @@ func (v *GetActionByIDSearchDomainActionSlackAction) GetUseProxy() bool { return v.ActionDetailsSlackAction.UseProxy } +// GetLabels returns GetActionByIDSearchDomainActionSlackAction.Labels, and is useful for accessing the field via an interface. +func (v *GetActionByIDSearchDomainActionSlackAction) GetLabels() []string { + return v.ActionDetailsSlackAction.Labels +} + func (v *GetActionByIDSearchDomainActionSlackAction) UnmarshalJSON(b []byte) error { if string(b) == "null" { @@ -5324,6 +5930,8 @@ type __premarshalGetActionByIDSearchDomainActionSlackAction struct { Fields []ActionDetailsFieldsSlackFieldEntry `json:"fields"` UseProxy bool `json:"useProxy"` + + Labels []string `json:"labels"` } func (v *GetActionByIDSearchDomainActionSlackAction) MarshalJSON() ([]byte, error) { @@ -5343,6 +5951,7 @@ func (v *GetActionByIDSearchDomainActionSlackAction) __premarshalJSON() (*__prem retval.Url = v.ActionDetailsSlackAction.Url retval.Fields = v.ActionDetailsSlackAction.Fields retval.UseProxy = v.ActionDetailsSlackAction.UseProxy + retval.Labels = v.ActionDetailsSlackAction.Labels return &retval, nil } @@ -5390,6 +5999,11 @@ func (v *GetActionByIDSearchDomainActionSlackPostMessageAction) GetUseProxy() bo return v.ActionDetailsSlackPostMessageAction.UseProxy } +// GetLabels returns GetActionByIDSearchDomainActionSlackPostMessageAction.Labels, and is useful for accessing the field via an interface. +func (v *GetActionByIDSearchDomainActionSlackPostMessageAction) GetLabels() []string { + return v.ActionDetailsSlackPostMessageAction.Labels +} + func (v *GetActionByIDSearchDomainActionSlackPostMessageAction) UnmarshalJSON(b []byte) error { if string(b) == "null" { @@ -5429,6 +6043,8 @@ type __premarshalGetActionByIDSearchDomainActionSlackPostMessageAction struct { Fields []ActionDetailsFieldsSlackFieldEntry `json:"fields"` UseProxy bool `json:"useProxy"` + + Labels []string `json:"labels"` } func (v *GetActionByIDSearchDomainActionSlackPostMessageAction) MarshalJSON() ([]byte, error) { @@ -5449,6 +6065,7 @@ func (v *GetActionByIDSearchDomainActionSlackPostMessageAction) __premarshalJSON retval.Channels = v.ActionDetailsSlackPostMessageAction.Channels retval.Fields = v.ActionDetailsSlackPostMessageAction.Fields retval.UseProxy = v.ActionDetailsSlackPostMessageAction.UseProxy + retval.Labels = v.ActionDetailsSlackPostMessageAction.Labels return &retval, nil } @@ -5479,6 +6096,11 @@ func (v *GetActionByIDSearchDomainActionUploadFileAction) GetFileName() string { return v.ActionDetailsUploadFileAction.FileName } +// GetLabels returns GetActionByIDSearchDomainActionUploadFileAction.Labels, and is useful for accessing the field via an interface. +func (v *GetActionByIDSearchDomainActionUploadFileAction) GetLabels() []string { + return v.ActionDetailsUploadFileAction.Labels +} + func (v *GetActionByIDSearchDomainActionUploadFileAction) UnmarshalJSON(b []byte) error { if string(b) == "null" { @@ -5512,6 +6134,8 @@ type __premarshalGetActionByIDSearchDomainActionUploadFileAction struct { Name string `json:"name"` FileName string `json:"fileName"` + + Labels []string `json:"labels"` } func (v *GetActionByIDSearchDomainActionUploadFileAction) MarshalJSON() ([]byte, error) { @@ -5529,6 +6153,7 @@ func (v *GetActionByIDSearchDomainActionUploadFileAction) __premarshalJSON() (*_ retval.Id = v.ActionDetailsUploadFileAction.Id retval.Name = v.ActionDetailsUploadFileAction.Name retval.FileName = v.ActionDetailsUploadFileAction.FileName + retval.Labels = v.ActionDetailsUploadFileAction.Labels return &retval, nil } @@ -5569,6 +6194,11 @@ func (v *GetActionByIDSearchDomainActionVictorOpsAction) GetUseProxy() bool { return v.ActionDetailsVictorOpsAction.UseProxy } +// GetLabels returns GetActionByIDSearchDomainActionVictorOpsAction.Labels, and is useful for accessing the field via an interface. +func (v *GetActionByIDSearchDomainActionVictorOpsAction) GetLabels() []string { + return v.ActionDetailsVictorOpsAction.Labels +} + func (v *GetActionByIDSearchDomainActionVictorOpsAction) UnmarshalJSON(b []byte) error { if string(b) == "null" { @@ -5606,6 +6236,8 @@ type __premarshalGetActionByIDSearchDomainActionVictorOpsAction struct { NotifyUrl string `json:"notifyUrl"` UseProxy bool `json:"useProxy"` + + Labels []string `json:"labels"` } func (v *GetActionByIDSearchDomainActionVictorOpsAction) MarshalJSON() ([]byte, error) { @@ -5625,6 +6257,7 @@ func (v *GetActionByIDSearchDomainActionVictorOpsAction) __premarshalJSON() (*__ retval.MessageType = v.ActionDetailsVictorOpsAction.MessageType retval.NotifyUrl = v.ActionDetailsVictorOpsAction.NotifyUrl retval.UseProxy = v.ActionDetailsVictorOpsAction.UseProxy + retval.Labels = v.ActionDetailsVictorOpsAction.Labels return &retval, nil } @@ -5680,6 +6313,11 @@ func (v *GetActionByIDSearchDomainActionWebhookAction) GetUseProxy() bool { return v.ActionDetailsWebhookAction.UseProxy } +// GetLabels returns GetActionByIDSearchDomainActionWebhookAction.Labels, and is useful for accessing the field via an interface. +func (v *GetActionByIDSearchDomainActionWebhookAction) GetLabels() []string { + return v.ActionDetailsWebhookAction.Labels +} + func (v *GetActionByIDSearchDomainActionWebhookAction) UnmarshalJSON(b []byte) error { if string(b) == "null" { @@ -5723,6 +6361,8 @@ type __premarshalGetActionByIDSearchDomainActionWebhookAction struct { IgnoreSSL bool `json:"ignoreSSL"` UseProxy bool `json:"useProxy"` + + Labels []string `json:"labels"` } func (v *GetActionByIDSearchDomainActionWebhookAction) MarshalJSON() ([]byte, error) { @@ -5745,6 +6385,7 @@ func (v *GetActionByIDSearchDomainActionWebhookAction) __premarshalJSON() (*__pr retval.WebhookBodyTemplate = v.ActionDetailsWebhookAction.WebhookBodyTemplate retval.IgnoreSSL = v.ActionDetailsWebhookAction.IgnoreSSL retval.UseProxy = v.ActionDetailsWebhookAction.UseProxy + retval.Labels = v.ActionDetailsWebhookAction.Labels return &retval, nil } @@ -5754,7 +6395,8 @@ func (v *GetActionByIDSearchDomainActionWebhookAction) __premarshalJSON() (*__pr // A repository stores ingested data, configures parsers and data retention policies. type GetActionByIDSearchDomainRepository struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // A saved action. + // Stability: Long-term Action GetActionByIDSearchDomainAction `json:"-"` } @@ -5838,7 +6480,8 @@ func (v *GetActionByIDSearchDomainRepository) __premarshalJSON() (*__premarshalG // Represents information about a view, pulling data from one or several repositories. type GetActionByIDSearchDomainView struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // A saved action. + // Stability: Long-term Action GetActionByIDSearchDomainAction `json:"-"` } @@ -6003,7 +6646,8 @@ type GetAggregateAlertByIDSearchDomain interface { // GetAggregateAlert returns the interface-field "aggregateAlert" from its implementation. // The GraphQL interface field's documentation follows. // - // Common interface for Repositories and Views. + // A saved aggregate alert + // Stability: Long-term GetAggregateAlert() GetAggregateAlertByIDSearchDomainAggregateAlert } @@ -6256,7 +6900,8 @@ func (v *GetAggregateAlertByIDSearchDomainAggregateAlert) __premarshalJSON() (*_ // A repository stores ingested data, configures parsers and data retention policies. type GetAggregateAlertByIDSearchDomainRepository struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // A saved aggregate alert + // Stability: Long-term AggregateAlert GetAggregateAlertByIDSearchDomainAggregateAlert `json:"aggregateAlert"` } @@ -6274,7 +6919,8 @@ func (v *GetAggregateAlertByIDSearchDomainRepository) GetAggregateAlert() GetAgg // Represents information about a view, pulling data from one or several repositories. type GetAggregateAlertByIDSearchDomainView struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // A saved aggregate alert + // Stability: Long-term AggregateAlert GetAggregateAlertByIDSearchDomainAggregateAlert `json:"aggregateAlert"` } @@ -6552,7 +7198,8 @@ type GetFilterAlertByIDSearchDomain interface { // GetFilterAlert returns the interface-field "filterAlert" from its implementation. // The GraphQL interface field's documentation follows. // - // Common interface for Repositories and Views. + // A saved filter alert + // Stability: Long-term GetFilterAlert() GetFilterAlertByIDSearchDomainFilterAlert } @@ -6779,7 +7426,8 @@ func (v *GetFilterAlertByIDSearchDomainFilterAlert) __premarshalJSON() (*__prema // A repository stores ingested data, configures parsers and data retention policies. type GetFilterAlertByIDSearchDomainRepository struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // A saved filter alert + // Stability: Long-term FilterAlert GetFilterAlertByIDSearchDomainFilterAlert `json:"filterAlert"` } @@ -6797,7 +7445,8 @@ func (v *GetFilterAlertByIDSearchDomainRepository) GetFilterAlert() GetFilterAle // Represents information about a view, pulling data from one or several repositories. type GetFilterAlertByIDSearchDomainView struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // A saved filter alert + // Stability: Long-term FilterAlert GetFilterAlertByIDSearchDomainFilterAlert `json:"filterAlert"` } @@ -6824,12 +7473,14 @@ type GetLicenseInstalledLicense interface { // GetExpiresAt returns the interface-field "expiresAt" from its implementation. // The GraphQL interface field's documentation follows. // - // Represents information about the LogScale instance. + // The time at which the license expires. + // Stability: Long-term GetExpiresAt() time.Time // GetIssuedAt returns the interface-field "issuedAt" from its implementation. // The GraphQL interface field's documentation follows. // - // Represents information about the LogScale instance. + // The time at which the license was issued. + // Stability: Long-term GetIssuedAt() time.Time } @@ -6901,9 +7552,11 @@ func __marshalGetLicenseInstalledLicense(v *GetLicenseInstalledLicense) ([]byte, // Represents information about a LogScale License. type GetLicenseInstalledLicenseOnPremLicense struct { Typename *string `json:"__typename"` - // Represents information about the LogScale instance. + // The time at which the license expires. + // Stability: Long-term ExpiresAt time.Time `json:"expiresAt"` - // Represents information about the LogScale instance. + // The time at which the license was issued. + // Stability: Long-term IssuedAt time.Time `json:"issuedAt"` // license id. // Stability: Long-term @@ -6940,9 +7593,11 @@ func (v *GetLicenseInstalledLicenseOnPremLicense) GetMaxUsers() *int { return v. // Represents information about an on-going trial of LogScale. type GetLicenseInstalledLicenseTrialLicense struct { Typename *string `json:"__typename"` - // Represents information about the LogScale instance. + // The time at which the license expires. + // Stability: Long-term ExpiresAt time.Time `json:"expiresAt"` - // Represents information about the LogScale instance. + // The time at which the license was issued. + // Stability: Long-term IssuedAt time.Time `json:"issuedAt"` } @@ -7038,7 +7693,7 @@ func (v *GetLicenseResponse) __premarshalJSON() (*__premarshalGetLicenseResponse // // A repository stores ingested data, configures parsers and data retention policies. type GetParserByIDRepository struct { - // A parser on the repository. + // A parser on the repository. Supply either 'id' or 'name'. // Stability: Long-term Parser *GetParserByIDRepositoryParser `json:"parser"` } @@ -7168,7 +7823,7 @@ func (v *GetParserByIDResponse) GetRepository() GetParserByIDRepository { return // // A repository stores ingested data, configures parsers and data retention policies. type GetParserYAMLByNameRepository struct { - // A parser on the repository. + // A parser on the repository. Supply either 'id' or 'name'. // Stability: Long-term Parser *GetParserYAMLByNameRepositoryParser `json:"parser"` } @@ -7511,22 +8166,22 @@ type GetSearchDomainSearchDomain interface { // GetId returns the interface-field "id" from its implementation. // The GraphQL interface field's documentation follows. // - // Common interface for Repositories and Views. + // Stability: Long-term GetId() string // GetName returns the interface-field "name" from its implementation. // The GraphQL interface field's documentation follows. // - // Common interface for Repositories and Views. + // Stability: Long-term GetName() string // GetDescription returns the interface-field "description" from its implementation. // The GraphQL interface field's documentation follows. // - // Common interface for Repositories and Views. + // Stability: Long-term GetDescription() *string // GetAutomaticSearch returns the interface-field "automaticSearch" from its implementation. // The GraphQL interface field's documentation follows. // - // Common interface for Repositories and Views. + // Stability: Long-term GetAutomaticSearch() bool // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). GetTypename() *string @@ -7598,13 +8253,13 @@ func __marshalGetSearchDomainSearchDomain(v *GetSearchDomainSearchDomain) ([]byt // // A repository stores ingested data, configures parsers and data retention policies. type GetSearchDomainSearchDomainRepository struct { - // Common interface for Repositories and Views. + // Stability: Long-term Id string `json:"id"` - // Common interface for Repositories and Views. + // Stability: Long-term Name string `json:"name"` - // Common interface for Repositories and Views. + // Stability: Long-term Description *string `json:"description"` - // Common interface for Repositories and Views. + // Stability: Long-term AutomaticSearch bool `json:"automaticSearch"` Typename *string `json:"__typename"` } @@ -7629,13 +8284,13 @@ func (v *GetSearchDomainSearchDomainRepository) GetTypename() *string { return v // // Represents information about a view, pulling data from one or several repositories. type GetSearchDomainSearchDomainView struct { - // Common interface for Repositories and Views. + // Stability: Long-term Id string `json:"id"` - // Common interface for Repositories and Views. + // Stability: Long-term Name string `json:"name"` - // Common interface for Repositories and Views. + // Stability: Long-term Description *string `json:"description"` - // Common interface for Repositories and Views. + // Stability: Long-term AutomaticSearch bool `json:"automaticSearch"` // Stability: Long-term Connections []GetSearchDomainSearchDomainViewConnectionsViewConnection `json:"connections"` @@ -7874,9 +8529,9 @@ func (v *GetUsersByUsernameUsersUser) __premarshalJSON() (*__premarshalGetUsersB // Http(s) Header entry. type HttpHeaderEntryInput struct { - // Http(s) Header entry. + // Key of a http(s) header. Header string `json:"header"` - // Http(s) Header entry. + // Value of a http(s) header. Value string `json:"value"` } @@ -7894,264 +8549,43 @@ type IngestTokenDetails struct { // Stability: Long-term Name string `json:"name"` // Stability: Long-term - Token string `json:"token"` - // Stability: Long-term - Parser *IngestTokenDetailsParser `json:"parser"` -} - -// GetName returns IngestTokenDetails.Name, and is useful for accessing the field via an interface. -func (v *IngestTokenDetails) GetName() string { return v.Name } - -// GetToken returns IngestTokenDetails.Token, and is useful for accessing the field via an interface. -func (v *IngestTokenDetails) GetToken() string { return v.Token } - -// GetParser returns IngestTokenDetails.Parser, and is useful for accessing the field via an interface. -func (v *IngestTokenDetails) GetParser() *IngestTokenDetailsParser { return v.Parser } - -// IngestTokenDetailsParser includes the requested fields of the GraphQL type Parser. -// The GraphQL type's documentation follows. -// -// A configured parser for incoming data. -type IngestTokenDetailsParser struct { - // Name of the parser. - // Stability: Long-term - Name string `json:"name"` -} - -// GetName returns IngestTokenDetailsParser.Name, and is useful for accessing the field via an interface. -func (v *IngestTokenDetailsParser) GetName() string { return v.Name } - -// The version of the LogScale query language to use. -type LanguageVersionEnum string - -const ( - LanguageVersionEnumLegacy LanguageVersionEnum = "legacy" - LanguageVersionEnumXdr1 LanguageVersionEnum = "xdr1" - LanguageVersionEnumXdrdetects1 LanguageVersionEnum = "xdrdetects1" - LanguageVersionEnumFilteralert LanguageVersionEnum = "filteralert" - LanguageVersionEnumFederated1 LanguageVersionEnum = "federated1" -) - -// LegacyCreateParserCreateParserCreateParserMutation includes the requested fields of the GraphQL type CreateParserMutation. -type LegacyCreateParserCreateParserCreateParserMutation struct { - // Stability: Long-term - Parser LegacyCreateParserCreateParserCreateParserMutationParser `json:"parser"` -} - -// GetParser returns LegacyCreateParserCreateParserCreateParserMutation.Parser, and is useful for accessing the field via an interface. -func (v *LegacyCreateParserCreateParserCreateParserMutation) GetParser() LegacyCreateParserCreateParserCreateParserMutationParser { - return v.Parser -} - -// LegacyCreateParserCreateParserCreateParserMutationParser includes the requested fields of the GraphQL type Parser. -// The GraphQL type's documentation follows. -// -// A configured parser for incoming data. -type LegacyCreateParserCreateParserCreateParserMutationParser struct { - ParserDetails `json:"-"` -} - -// GetId returns LegacyCreateParserCreateParserCreateParserMutationParser.Id, and is useful for accessing the field via an interface. -func (v *LegacyCreateParserCreateParserCreateParserMutationParser) GetId() string { - return v.ParserDetails.Id -} - -// GetName returns LegacyCreateParserCreateParserCreateParserMutationParser.Name, and is useful for accessing the field via an interface. -func (v *LegacyCreateParserCreateParserCreateParserMutationParser) GetName() string { - return v.ParserDetails.Name -} - -// GetDisplayName returns LegacyCreateParserCreateParserCreateParserMutationParser.DisplayName, and is useful for accessing the field via an interface. -func (v *LegacyCreateParserCreateParserCreateParserMutationParser) GetDisplayName() string { - return v.ParserDetails.DisplayName -} - -// GetDescription returns LegacyCreateParserCreateParserCreateParserMutationParser.Description, and is useful for accessing the field via an interface. -func (v *LegacyCreateParserCreateParserCreateParserMutationParser) GetDescription() *string { - return v.ParserDetails.Description -} - -// GetIsBuiltIn returns LegacyCreateParserCreateParserCreateParserMutationParser.IsBuiltIn, and is useful for accessing the field via an interface. -func (v *LegacyCreateParserCreateParserCreateParserMutationParser) GetIsBuiltIn() bool { - return v.ParserDetails.IsBuiltIn -} - -// GetScript returns LegacyCreateParserCreateParserCreateParserMutationParser.Script, and is useful for accessing the field via an interface. -func (v *LegacyCreateParserCreateParserCreateParserMutationParser) GetScript() string { - return v.ParserDetails.Script -} - -// GetFieldsToTag returns LegacyCreateParserCreateParserCreateParserMutationParser.FieldsToTag, and is useful for accessing the field via an interface. -func (v *LegacyCreateParserCreateParserCreateParserMutationParser) GetFieldsToTag() []string { - return v.ParserDetails.FieldsToTag -} - -// GetFieldsToBeRemovedBeforeParsing returns LegacyCreateParserCreateParserCreateParserMutationParser.FieldsToBeRemovedBeforeParsing, and is useful for accessing the field via an interface. -func (v *LegacyCreateParserCreateParserCreateParserMutationParser) GetFieldsToBeRemovedBeforeParsing() []string { - return v.ParserDetails.FieldsToBeRemovedBeforeParsing -} - -// GetTestCases returns LegacyCreateParserCreateParserCreateParserMutationParser.TestCases, and is useful for accessing the field via an interface. -func (v *LegacyCreateParserCreateParserCreateParserMutationParser) GetTestCases() []ParserDetailsTestCasesParserTestCase { - return v.ParserDetails.TestCases -} - -func (v *LegacyCreateParserCreateParserCreateParserMutationParser) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *LegacyCreateParserCreateParserCreateParserMutationParser - graphql.NoUnmarshalJSON - } - firstPass.LegacyCreateParserCreateParserCreateParserMutationParser = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.ParserDetails) - if err != nil { - return err - } - return nil -} - -type __premarshalLegacyCreateParserCreateParserCreateParserMutationParser struct { - Id string `json:"id"` - - Name string `json:"name"` - - DisplayName string `json:"displayName"` - - Description *string `json:"description"` - - IsBuiltIn bool `json:"isBuiltIn"` - - Script string `json:"script"` - - FieldsToTag []string `json:"fieldsToTag"` - - FieldsToBeRemovedBeforeParsing []string `json:"fieldsToBeRemovedBeforeParsing"` - - TestCases []ParserDetailsTestCasesParserTestCase `json:"testCases"` -} - -func (v *LegacyCreateParserCreateParserCreateParserMutationParser) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *LegacyCreateParserCreateParserCreateParserMutationParser) __premarshalJSON() (*__premarshalLegacyCreateParserCreateParserCreateParserMutationParser, error) { - var retval __premarshalLegacyCreateParserCreateParserCreateParserMutationParser - - retval.Id = v.ParserDetails.Id - retval.Name = v.ParserDetails.Name - retval.DisplayName = v.ParserDetails.DisplayName - retval.Description = v.ParserDetails.Description - retval.IsBuiltIn = v.ParserDetails.IsBuiltIn - retval.Script = v.ParserDetails.Script - retval.FieldsToTag = v.ParserDetails.FieldsToTag - retval.FieldsToBeRemovedBeforeParsing = v.ParserDetails.FieldsToBeRemovedBeforeParsing - retval.TestCases = v.ParserDetails.TestCases - return &retval, nil -} - -// LegacyCreateParserResponse is returned by LegacyCreateParser on success. -type LegacyCreateParserResponse struct { - // Create a parser. - CreateParser LegacyCreateParserCreateParserCreateParserMutation `json:"createParser"` -} - -// GetCreateParser returns LegacyCreateParserResponse.CreateParser, and is useful for accessing the field via an interface. -func (v *LegacyCreateParserResponse) GetCreateParser() LegacyCreateParserCreateParserCreateParserMutation { - return v.CreateParser -} - -// LegacyDeleteParserByIDRemoveParserRemoveParserMutation includes the requested fields of the GraphQL type RemoveParserMutation. -type LegacyDeleteParserByIDRemoveParserRemoveParserMutation struct { - Typename *string `json:"__typename"` -} - -// GetTypename returns LegacyDeleteParserByIDRemoveParserRemoveParserMutation.Typename, and is useful for accessing the field via an interface. -func (v *LegacyDeleteParserByIDRemoveParserRemoveParserMutation) GetTypename() *string { - return v.Typename -} - -// LegacyDeleteParserByIDResponse is returned by LegacyDeleteParserByID on success. -type LegacyDeleteParserByIDResponse struct { - // Remove a parser. - RemoveParser LegacyDeleteParserByIDRemoveParserRemoveParserMutation `json:"removeParser"` + Token string `json:"token"` + // Stability: Long-term + Parser *IngestTokenDetailsParser `json:"parser"` } -// GetRemoveParser returns LegacyDeleteParserByIDResponse.RemoveParser, and is useful for accessing the field via an interface. -func (v *LegacyDeleteParserByIDResponse) GetRemoveParser() LegacyDeleteParserByIDRemoveParserRemoveParserMutation { - return v.RemoveParser -} +// GetName returns IngestTokenDetails.Name, and is useful for accessing the field via an interface. +func (v *IngestTokenDetails) GetName() string { return v.Name } -// LegacyGetParserRepository includes the requested fields of the GraphQL type Repository. -// The GraphQL type's documentation follows. -// -// A repository stores ingested data, configures parsers and data retention policies. -type LegacyGetParserRepository struct { - // A parser on the repository. - // Stability: Long-term - Parser *LegacyGetParserRepositoryParser `json:"parser"` -} +// GetToken returns IngestTokenDetails.Token, and is useful for accessing the field via an interface. +func (v *IngestTokenDetails) GetToken() string { return v.Token } -// GetParser returns LegacyGetParserRepository.Parser, and is useful for accessing the field via an interface. -func (v *LegacyGetParserRepository) GetParser() *LegacyGetParserRepositoryParser { return v.Parser } +// GetParser returns IngestTokenDetails.Parser, and is useful for accessing the field via an interface. +func (v *IngestTokenDetails) GetParser() *IngestTokenDetailsParser { return v.Parser } -// LegacyGetParserRepositoryParser includes the requested fields of the GraphQL type Parser. +// IngestTokenDetailsParser includes the requested fields of the GraphQL type Parser. // The GraphQL type's documentation follows. // // A configured parser for incoming data. -type LegacyGetParserRepositoryParser struct { - // The id of the parser. - // Stability: Long-term - Id string `json:"id"` +type IngestTokenDetailsParser struct { // Name of the parser. // Stability: Long-term Name string `json:"name"` - // The source code of the parser. - SourceCode string `json:"sourceCode"` - // Saved test data (e.g. log lines) that you can use to test the parser. - TestData []string `json:"testData"` - // The fields to use as tags. - TagFields []string `json:"tagFields"` } -// GetId returns LegacyGetParserRepositoryParser.Id, and is useful for accessing the field via an interface. -func (v *LegacyGetParserRepositoryParser) GetId() string { return v.Id } - -// GetName returns LegacyGetParserRepositoryParser.Name, and is useful for accessing the field via an interface. -func (v *LegacyGetParserRepositoryParser) GetName() string { return v.Name } - -// GetSourceCode returns LegacyGetParserRepositoryParser.SourceCode, and is useful for accessing the field via an interface. -func (v *LegacyGetParserRepositoryParser) GetSourceCode() string { return v.SourceCode } - -// GetTestData returns LegacyGetParserRepositoryParser.TestData, and is useful for accessing the field via an interface. -func (v *LegacyGetParserRepositoryParser) GetTestData() []string { return v.TestData } - -// GetTagFields returns LegacyGetParserRepositoryParser.TagFields, and is useful for accessing the field via an interface. -func (v *LegacyGetParserRepositoryParser) GetTagFields() []string { return v.TagFields } +// GetName returns IngestTokenDetailsParser.Name, and is useful for accessing the field via an interface. +func (v *IngestTokenDetailsParser) GetName() string { return v.Name } -// LegacyGetParserResponse is returned by LegacyGetParser on success. -type LegacyGetParserResponse struct { - // Lookup a given repository by name. - // Stability: Long-term - Repository LegacyGetParserRepository `json:"repository"` -} +// The version of the LogScale query language to use. +type LanguageVersionEnum string -// GetRepository returns LegacyGetParserResponse.Repository, and is useful for accessing the field via an interface. -func (v *LegacyGetParserResponse) GetRepository() LegacyGetParserRepository { return v.Repository } +const ( + LanguageVersionEnumLegacy LanguageVersionEnum = "legacy" + LanguageVersionEnumXdr1 LanguageVersionEnum = "xdr1" + LanguageVersionEnumXdrdetects1 LanguageVersionEnum = "xdrdetects1" + LanguageVersionEnumFilteralert LanguageVersionEnum = "filteralert" + LanguageVersionEnumFederated1 LanguageVersionEnum = "federated1" +) // ListActionsResponse is returned by ListActions on success. type ListActionsResponse struct { @@ -8240,7 +8674,8 @@ type ListActionsSearchDomain interface { // GetActions returns the interface-field "actions" from its implementation. // The GraphQL interface field's documentation follows. // - // Common interface for Repositories and Views. + // A list of saved actions. + // Stability: Long-term GetActions() []ListActionsSearchDomainActionsAction } @@ -8319,6 +8754,7 @@ func __marshalListActionsSearchDomain(v *ListActionsSearchDomain) ([]byte, error // ListActionsSearchDomainActionsHumioRepoAction // ListActionsSearchDomainActionsOpsGenieAction // ListActionsSearchDomainActionsPagerDutyAction +// ListActionsSearchDomainActionsS3Action // ListActionsSearchDomainActionsSlackAction // ListActionsSearchDomainActionsSlackPostMessageAction // ListActionsSearchDomainActionsUploadFileAction @@ -8342,6 +8778,8 @@ func (v *ListActionsSearchDomainActionsOpsGenieAction) implementsGraphQLInterfac } func (v *ListActionsSearchDomainActionsPagerDutyAction) implementsGraphQLInterfaceListActionsSearchDomainActionsAction() { } +func (v *ListActionsSearchDomainActionsS3Action) implementsGraphQLInterfaceListActionsSearchDomainActionsAction() { +} func (v *ListActionsSearchDomainActionsSlackAction) implementsGraphQLInterfaceListActionsSearchDomainActionsAction() { } func (v *ListActionsSearchDomainActionsSlackPostMessageAction) implementsGraphQLInterfaceListActionsSearchDomainActionsAction() { @@ -8379,6 +8817,9 @@ func __unmarshalListActionsSearchDomainActionsAction(b []byte, v *ListActionsSea case "PagerDutyAction": *v = new(ListActionsSearchDomainActionsPagerDutyAction) return json.Unmarshal(b, *v) + case "S3Action": + *v = new(ListActionsSearchDomainActionsS3Action) + return json.Unmarshal(b, *v) case "SlackAction": *v = new(ListActionsSearchDomainActionsSlackAction) return json.Unmarshal(b, *v) @@ -8455,6 +8896,18 @@ func __marshalListActionsSearchDomainActionsAction(v *ListActionsSearchDomainAct *__premarshalListActionsSearchDomainActionsPagerDutyAction }{typename, premarshaled} return json.Marshal(result) + case *ListActionsSearchDomainActionsS3Action: + typename = "S3Action" + + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalListActionsSearchDomainActionsS3Action + }{typename, premarshaled} + return json.Marshal(result) case *ListActionsSearchDomainActionsSlackAction: typename = "SlackAction" @@ -8565,6 +9018,11 @@ func (v *ListActionsSearchDomainActionsEmailAction) GetUseProxy() bool { return v.ActionDetailsEmailAction.UseProxy } +// GetLabels returns ListActionsSearchDomainActionsEmailAction.Labels, and is useful for accessing the field via an interface. +func (v *ListActionsSearchDomainActionsEmailAction) GetLabels() []string { + return v.ActionDetailsEmailAction.Labels +} + func (v *ListActionsSearchDomainActionsEmailAction) UnmarshalJSON(b []byte) error { if string(b) == "null" { @@ -8604,6 +9062,8 @@ type __premarshalListActionsSearchDomainActionsEmailAction struct { EmailBodyTemplate *string `json:"emailBodyTemplate"` UseProxy bool `json:"useProxy"` + + Labels []string `json:"labels"` } func (v *ListActionsSearchDomainActionsEmailAction) MarshalJSON() ([]byte, error) { @@ -8624,6 +9084,7 @@ func (v *ListActionsSearchDomainActionsEmailAction) __premarshalJSON() (*__prema retval.SubjectTemplate = v.ActionDetailsEmailAction.SubjectTemplate retval.EmailBodyTemplate = v.ActionDetailsEmailAction.EmailBodyTemplate retval.UseProxy = v.ActionDetailsEmailAction.UseProxy + retval.Labels = v.ActionDetailsEmailAction.Labels return &retval, nil } @@ -8654,6 +9115,11 @@ func (v *ListActionsSearchDomainActionsHumioRepoAction) GetIngestToken() string return v.ActionDetailsHumioRepoAction.IngestToken } +// GetLabels returns ListActionsSearchDomainActionsHumioRepoAction.Labels, and is useful for accessing the field via an interface. +func (v *ListActionsSearchDomainActionsHumioRepoAction) GetLabels() []string { + return v.ActionDetailsHumioRepoAction.Labels +} + func (v *ListActionsSearchDomainActionsHumioRepoAction) UnmarshalJSON(b []byte) error { if string(b) == "null" { @@ -8687,6 +9153,8 @@ type __premarshalListActionsSearchDomainActionsHumioRepoAction struct { Name string `json:"name"` IngestToken string `json:"ingestToken"` + + Labels []string `json:"labels"` } func (v *ListActionsSearchDomainActionsHumioRepoAction) MarshalJSON() ([]byte, error) { @@ -8704,6 +9172,7 @@ func (v *ListActionsSearchDomainActionsHumioRepoAction) __premarshalJSON() (*__p retval.Id = v.ActionDetailsHumioRepoAction.Id retval.Name = v.ActionDetailsHumioRepoAction.Name retval.IngestToken = v.ActionDetailsHumioRepoAction.IngestToken + retval.Labels = v.ActionDetailsHumioRepoAction.Labels return &retval, nil } @@ -8744,6 +9213,11 @@ func (v *ListActionsSearchDomainActionsOpsGenieAction) GetUseProxy() bool { return v.ActionDetailsOpsGenieAction.UseProxy } +// GetLabels returns ListActionsSearchDomainActionsOpsGenieAction.Labels, and is useful for accessing the field via an interface. +func (v *ListActionsSearchDomainActionsOpsGenieAction) GetLabels() []string { + return v.ActionDetailsOpsGenieAction.Labels +} + func (v *ListActionsSearchDomainActionsOpsGenieAction) UnmarshalJSON(b []byte) error { if string(b) == "null" { @@ -8781,6 +9255,8 @@ type __premarshalListActionsSearchDomainActionsOpsGenieAction struct { GenieKey string `json:"genieKey"` UseProxy bool `json:"useProxy"` + + Labels []string `json:"labels"` } func (v *ListActionsSearchDomainActionsOpsGenieAction) MarshalJSON() ([]byte, error) { @@ -8800,6 +9276,7 @@ func (v *ListActionsSearchDomainActionsOpsGenieAction) __premarshalJSON() (*__pr retval.ApiUrl = v.ActionDetailsOpsGenieAction.ApiUrl retval.GenieKey = v.ActionDetailsOpsGenieAction.GenieKey retval.UseProxy = v.ActionDetailsOpsGenieAction.UseProxy + retval.Labels = v.ActionDetailsOpsGenieAction.Labels return &retval, nil } @@ -8840,6 +9317,11 @@ func (v *ListActionsSearchDomainActionsPagerDutyAction) GetUseProxy() bool { return v.ActionDetailsPagerDutyAction.UseProxy } +// GetLabels returns ListActionsSearchDomainActionsPagerDutyAction.Labels, and is useful for accessing the field via an interface. +func (v *ListActionsSearchDomainActionsPagerDutyAction) GetLabels() []string { + return v.ActionDetailsPagerDutyAction.Labels +} + func (v *ListActionsSearchDomainActionsPagerDutyAction) UnmarshalJSON(b []byte) error { if string(b) == "null" { @@ -8877,6 +9359,8 @@ type __premarshalListActionsSearchDomainActionsPagerDutyAction struct { RoutingKey string `json:"routingKey"` UseProxy bool `json:"useProxy"` + + Labels []string `json:"labels"` } func (v *ListActionsSearchDomainActionsPagerDutyAction) MarshalJSON() ([]byte, error) { @@ -8896,6 +9380,141 @@ func (v *ListActionsSearchDomainActionsPagerDutyAction) __premarshalJSON() (*__p retval.Severity = v.ActionDetailsPagerDutyAction.Severity retval.RoutingKey = v.ActionDetailsPagerDutyAction.RoutingKey retval.UseProxy = v.ActionDetailsPagerDutyAction.UseProxy + retval.Labels = v.ActionDetailsPagerDutyAction.Labels + return &retval, nil +} + +// ListActionsSearchDomainActionsS3Action includes the requested fields of the GraphQL type S3Action. +// The GraphQL type's documentation follows. +// +// An S3 action +type ListActionsSearchDomainActionsS3Action struct { + Typename *string `json:"__typename"` + ActionDetailsS3Action `json:"-"` +} + +// GetTypename returns ListActionsSearchDomainActionsS3Action.Typename, and is useful for accessing the field via an interface. +func (v *ListActionsSearchDomainActionsS3Action) GetTypename() *string { return v.Typename } + +// GetId returns ListActionsSearchDomainActionsS3Action.Id, and is useful for accessing the field via an interface. +func (v *ListActionsSearchDomainActionsS3Action) GetId() string { return v.ActionDetailsS3Action.Id } + +// GetName returns ListActionsSearchDomainActionsS3Action.Name, and is useful for accessing the field via an interface. +func (v *ListActionsSearchDomainActionsS3Action) GetName() string { + return v.ActionDetailsS3Action.Name +} + +// GetRoleArn returns ListActionsSearchDomainActionsS3Action.RoleArn, and is useful for accessing the field via an interface. +func (v *ListActionsSearchDomainActionsS3Action) GetRoleArn() string { + return v.ActionDetailsS3Action.RoleArn +} + +// GetAwsRegion returns ListActionsSearchDomainActionsS3Action.AwsRegion, and is useful for accessing the field via an interface. +func (v *ListActionsSearchDomainActionsS3Action) GetAwsRegion() string { + return v.ActionDetailsS3Action.AwsRegion +} + +// GetBucketName returns ListActionsSearchDomainActionsS3Action.BucketName, and is useful for accessing the field via an interface. +func (v *ListActionsSearchDomainActionsS3Action) GetBucketName() string { + return v.ActionDetailsS3Action.BucketName +} + +// GetFileName returns ListActionsSearchDomainActionsS3Action.FileName, and is useful for accessing the field via an interface. +func (v *ListActionsSearchDomainActionsS3Action) GetFileName() string { + return v.ActionDetailsS3Action.FileName +} + +// GetOutputFormat returns ListActionsSearchDomainActionsS3Action.OutputFormat, and is useful for accessing the field via an interface. +func (v *ListActionsSearchDomainActionsS3Action) GetOutputFormat() S3ActionEventOutputFormat { + return v.ActionDetailsS3Action.OutputFormat +} + +// GetOutputMetadata returns ListActionsSearchDomainActionsS3Action.OutputMetadata, and is useful for accessing the field via an interface. +func (v *ListActionsSearchDomainActionsS3Action) GetOutputMetadata() bool { + return v.ActionDetailsS3Action.OutputMetadata +} + +// GetUseProxy returns ListActionsSearchDomainActionsS3Action.UseProxy, and is useful for accessing the field via an interface. +func (v *ListActionsSearchDomainActionsS3Action) GetUseProxy() bool { + return v.ActionDetailsS3Action.UseProxy +} + +// GetLabels returns ListActionsSearchDomainActionsS3Action.Labels, and is useful for accessing the field via an interface. +func (v *ListActionsSearchDomainActionsS3Action) GetLabels() []string { + return v.ActionDetailsS3Action.Labels +} + +func (v *ListActionsSearchDomainActionsS3Action) UnmarshalJSON(b []byte) error { + + if string(b) == "null" { + return nil + } + + var firstPass struct { + *ListActionsSearchDomainActionsS3Action + graphql.NoUnmarshalJSON + } + firstPass.ListActionsSearchDomainActionsS3Action = v + + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } + + err = json.Unmarshal( + b, &v.ActionDetailsS3Action) + if err != nil { + return err + } + return nil +} + +type __premarshalListActionsSearchDomainActionsS3Action struct { + Typename *string `json:"__typename"` + + Id string `json:"id"` + + Name string `json:"name"` + + RoleArn string `json:"roleArn"` + + AwsRegion string `json:"awsRegion"` + + BucketName string `json:"bucketName"` + + FileName string `json:"fileName"` + + OutputFormat S3ActionEventOutputFormat `json:"outputFormat"` + + OutputMetadata bool `json:"outputMetadata"` + + UseProxy bool `json:"useProxy"` + + Labels []string `json:"labels"` +} + +func (v *ListActionsSearchDomainActionsS3Action) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) +} + +func (v *ListActionsSearchDomainActionsS3Action) __premarshalJSON() (*__premarshalListActionsSearchDomainActionsS3Action, error) { + var retval __premarshalListActionsSearchDomainActionsS3Action + + retval.Typename = v.Typename + retval.Id = v.ActionDetailsS3Action.Id + retval.Name = v.ActionDetailsS3Action.Name + retval.RoleArn = v.ActionDetailsS3Action.RoleArn + retval.AwsRegion = v.ActionDetailsS3Action.AwsRegion + retval.BucketName = v.ActionDetailsS3Action.BucketName + retval.FileName = v.ActionDetailsS3Action.FileName + retval.OutputFormat = v.ActionDetailsS3Action.OutputFormat + retval.OutputMetadata = v.ActionDetailsS3Action.OutputMetadata + retval.UseProxy = v.ActionDetailsS3Action.UseProxy + retval.Labels = v.ActionDetailsS3Action.Labels return &retval, nil } @@ -8936,6 +9555,11 @@ func (v *ListActionsSearchDomainActionsSlackAction) GetUseProxy() bool { return v.ActionDetailsSlackAction.UseProxy } +// GetLabels returns ListActionsSearchDomainActionsSlackAction.Labels, and is useful for accessing the field via an interface. +func (v *ListActionsSearchDomainActionsSlackAction) GetLabels() []string { + return v.ActionDetailsSlackAction.Labels +} + func (v *ListActionsSearchDomainActionsSlackAction) UnmarshalJSON(b []byte) error { if string(b) == "null" { @@ -8973,6 +9597,8 @@ type __premarshalListActionsSearchDomainActionsSlackAction struct { Fields []ActionDetailsFieldsSlackFieldEntry `json:"fields"` UseProxy bool `json:"useProxy"` + + Labels []string `json:"labels"` } func (v *ListActionsSearchDomainActionsSlackAction) MarshalJSON() ([]byte, error) { @@ -8992,6 +9618,7 @@ func (v *ListActionsSearchDomainActionsSlackAction) __premarshalJSON() (*__prema retval.Url = v.ActionDetailsSlackAction.Url retval.Fields = v.ActionDetailsSlackAction.Fields retval.UseProxy = v.ActionDetailsSlackAction.UseProxy + retval.Labels = v.ActionDetailsSlackAction.Labels return &retval, nil } @@ -9039,6 +9666,11 @@ func (v *ListActionsSearchDomainActionsSlackPostMessageAction) GetUseProxy() boo return v.ActionDetailsSlackPostMessageAction.UseProxy } +// GetLabels returns ListActionsSearchDomainActionsSlackPostMessageAction.Labels, and is useful for accessing the field via an interface. +func (v *ListActionsSearchDomainActionsSlackPostMessageAction) GetLabels() []string { + return v.ActionDetailsSlackPostMessageAction.Labels +} + func (v *ListActionsSearchDomainActionsSlackPostMessageAction) UnmarshalJSON(b []byte) error { if string(b) == "null" { @@ -9078,6 +9710,8 @@ type __premarshalListActionsSearchDomainActionsSlackPostMessageAction struct { Fields []ActionDetailsFieldsSlackFieldEntry `json:"fields"` UseProxy bool `json:"useProxy"` + + Labels []string `json:"labels"` } func (v *ListActionsSearchDomainActionsSlackPostMessageAction) MarshalJSON() ([]byte, error) { @@ -9098,6 +9732,7 @@ func (v *ListActionsSearchDomainActionsSlackPostMessageAction) __premarshalJSON( retval.Channels = v.ActionDetailsSlackPostMessageAction.Channels retval.Fields = v.ActionDetailsSlackPostMessageAction.Fields retval.UseProxy = v.ActionDetailsSlackPostMessageAction.UseProxy + retval.Labels = v.ActionDetailsSlackPostMessageAction.Labels return &retval, nil } @@ -9128,6 +9763,11 @@ func (v *ListActionsSearchDomainActionsUploadFileAction) GetFileName() string { return v.ActionDetailsUploadFileAction.FileName } +// GetLabels returns ListActionsSearchDomainActionsUploadFileAction.Labels, and is useful for accessing the field via an interface. +func (v *ListActionsSearchDomainActionsUploadFileAction) GetLabels() []string { + return v.ActionDetailsUploadFileAction.Labels +} + func (v *ListActionsSearchDomainActionsUploadFileAction) UnmarshalJSON(b []byte) error { if string(b) == "null" { @@ -9161,6 +9801,8 @@ type __premarshalListActionsSearchDomainActionsUploadFileAction struct { Name string `json:"name"` FileName string `json:"fileName"` + + Labels []string `json:"labels"` } func (v *ListActionsSearchDomainActionsUploadFileAction) MarshalJSON() ([]byte, error) { @@ -9178,6 +9820,7 @@ func (v *ListActionsSearchDomainActionsUploadFileAction) __premarshalJSON() (*__ retval.Id = v.ActionDetailsUploadFileAction.Id retval.Name = v.ActionDetailsUploadFileAction.Name retval.FileName = v.ActionDetailsUploadFileAction.FileName + retval.Labels = v.ActionDetailsUploadFileAction.Labels return &retval, nil } @@ -9218,6 +9861,11 @@ func (v *ListActionsSearchDomainActionsVictorOpsAction) GetUseProxy() bool { return v.ActionDetailsVictorOpsAction.UseProxy } +// GetLabels returns ListActionsSearchDomainActionsVictorOpsAction.Labels, and is useful for accessing the field via an interface. +func (v *ListActionsSearchDomainActionsVictorOpsAction) GetLabels() []string { + return v.ActionDetailsVictorOpsAction.Labels +} + func (v *ListActionsSearchDomainActionsVictorOpsAction) UnmarshalJSON(b []byte) error { if string(b) == "null" { @@ -9255,6 +9903,8 @@ type __premarshalListActionsSearchDomainActionsVictorOpsAction struct { NotifyUrl string `json:"notifyUrl"` UseProxy bool `json:"useProxy"` + + Labels []string `json:"labels"` } func (v *ListActionsSearchDomainActionsVictorOpsAction) MarshalJSON() ([]byte, error) { @@ -9274,6 +9924,7 @@ func (v *ListActionsSearchDomainActionsVictorOpsAction) __premarshalJSON() (*__p retval.MessageType = v.ActionDetailsVictorOpsAction.MessageType retval.NotifyUrl = v.ActionDetailsVictorOpsAction.NotifyUrl retval.UseProxy = v.ActionDetailsVictorOpsAction.UseProxy + retval.Labels = v.ActionDetailsVictorOpsAction.Labels return &retval, nil } @@ -9329,6 +9980,11 @@ func (v *ListActionsSearchDomainActionsWebhookAction) GetUseProxy() bool { return v.ActionDetailsWebhookAction.UseProxy } +// GetLabels returns ListActionsSearchDomainActionsWebhookAction.Labels, and is useful for accessing the field via an interface. +func (v *ListActionsSearchDomainActionsWebhookAction) GetLabels() []string { + return v.ActionDetailsWebhookAction.Labels +} + func (v *ListActionsSearchDomainActionsWebhookAction) UnmarshalJSON(b []byte) error { if string(b) == "null" { @@ -9372,6 +10028,8 @@ type __premarshalListActionsSearchDomainActionsWebhookAction struct { IgnoreSSL bool `json:"ignoreSSL"` UseProxy bool `json:"useProxy"` + + Labels []string `json:"labels"` } func (v *ListActionsSearchDomainActionsWebhookAction) MarshalJSON() ([]byte, error) { @@ -9394,6 +10052,7 @@ func (v *ListActionsSearchDomainActionsWebhookAction) __premarshalJSON() (*__pre retval.WebhookBodyTemplate = v.ActionDetailsWebhookAction.WebhookBodyTemplate retval.IgnoreSSL = v.ActionDetailsWebhookAction.IgnoreSSL retval.UseProxy = v.ActionDetailsWebhookAction.UseProxy + retval.Labels = v.ActionDetailsWebhookAction.Labels return &retval, nil } @@ -9403,7 +10062,8 @@ func (v *ListActionsSearchDomainActionsWebhookAction) __premarshalJSON() (*__pre // A repository stores ingested data, configures parsers and data retention policies. type ListActionsSearchDomainRepository struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // A list of saved actions. + // Stability: Long-term Actions []ListActionsSearchDomainActionsAction `json:"-"` } @@ -9499,7 +10159,8 @@ func (v *ListActionsSearchDomainRepository) __premarshalJSON() (*__premarshalLis // Represents information about a view, pulling data from one or several repositories. type ListActionsSearchDomainView struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // A list of saved actions. + // Stability: Long-term Actions []ListActionsSearchDomainActionsAction `json:"-"` } @@ -9678,7 +10339,8 @@ type ListAggregateAlertsSearchDomain interface { // GetAggregateAlerts returns the interface-field "aggregateAlerts" from its implementation. // The GraphQL interface field's documentation follows. // - // Common interface for Repositories and Views. + // Saved aggregate alerts. + // Stability: Long-term GetAggregateAlerts() []ListAggregateAlertsSearchDomainAggregateAlertsAggregateAlert } @@ -9931,7 +10593,8 @@ func (v *ListAggregateAlertsSearchDomainAggregateAlertsAggregateAlert) __premars // A repository stores ingested data, configures parsers and data retention policies. type ListAggregateAlertsSearchDomainRepository struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // Saved aggregate alerts. + // Stability: Long-term AggregateAlerts []ListAggregateAlertsSearchDomainAggregateAlertsAggregateAlert `json:"aggregateAlerts"` } @@ -9949,7 +10612,8 @@ func (v *ListAggregateAlertsSearchDomainRepository) GetAggregateAlerts() []ListA // Represents information about a view, pulling data from one or several repositories. type ListAggregateAlertsSearchDomainView struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // Saved aggregate alerts. + // Stability: Long-term AggregateAlerts []ListAggregateAlertsSearchDomainAggregateAlertsAggregateAlert `json:"aggregateAlerts"` } @@ -10048,7 +10712,8 @@ type ListAlertsSearchDomain interface { // GetAlerts returns the interface-field "alerts" from its implementation. // The GraphQL interface field's documentation follows. // - // Common interface for Repositories and Views. + // Saved alerts. + // Stability: Long-term GetAlerts() []ListAlertsSearchDomainAlertsAlert } @@ -10144,9 +10809,6 @@ func (v *ListAlertsSearchDomainAlertsAlert) GetTimeOfLastTrigger() *int64 { return v.AlertDetails.TimeOfLastTrigger } -// GetIsStarred returns ListAlertsSearchDomainAlertsAlert.IsStarred, and is useful for accessing the field via an interface. -func (v *ListAlertsSearchDomainAlertsAlert) GetIsStarred() bool { return v.AlertDetails.IsStarred } - // GetDescription returns ListAlertsSearchDomainAlertsAlert.Description, and is useful for accessing the field via an interface. func (v *ListAlertsSearchDomainAlertsAlert) GetDescription() *string { return v.AlertDetails.Description @@ -10212,8 +10874,6 @@ type __premarshalListAlertsSearchDomainAlertsAlert struct { TimeOfLastTrigger *int64 `json:"timeOfLastTrigger"` - IsStarred bool `json:"isStarred"` - Description *string `json:"description"` ThrottleTimeMillis int64 `json:"throttleTimeMillis"` @@ -10246,7 +10906,6 @@ func (v *ListAlertsSearchDomainAlertsAlert) __premarshalJSON() (*__premarshalLis retval.QueryStart = v.AlertDetails.QueryStart retval.ThrottleField = v.AlertDetails.ThrottleField retval.TimeOfLastTrigger = v.AlertDetails.TimeOfLastTrigger - retval.IsStarred = v.AlertDetails.IsStarred retval.Description = v.AlertDetails.Description retval.ThrottleTimeMillis = v.AlertDetails.ThrottleTimeMillis retval.Enabled = v.AlertDetails.Enabled @@ -10274,7 +10933,8 @@ func (v *ListAlertsSearchDomainAlertsAlert) __premarshalJSON() (*__premarshalLis // A repository stores ingested data, configures parsers and data retention policies. type ListAlertsSearchDomainRepository struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // Saved alerts. + // Stability: Long-term Alerts []ListAlertsSearchDomainAlertsAlert `json:"alerts"` } @@ -10292,7 +10952,8 @@ func (v *ListAlertsSearchDomainRepository) GetAlerts() []ListAlertsSearchDomainA // Represents information about a view, pulling data from one or several repositories. type ListAlertsSearchDomainView struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // Saved alerts. + // Stability: Long-term Alerts []ListAlertsSearchDomainAlertsAlert `json:"alerts"` } @@ -10456,7 +11117,7 @@ type ListFilesSearchDomain interface { // GetFiles returns the interface-field "files" from its implementation. // The GraphQL interface field's documentation follows. // - // Common interface for Repositories and Views. + // Stability: Long-term GetFiles() []ListFilesSearchDomainFilesFile } @@ -10554,7 +11215,7 @@ func (v *ListFilesSearchDomainFilesFileNameAndPath) GetName() string { return v. // A repository stores ingested data, configures parsers and data retention policies. type ListFilesSearchDomainRepository struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // Stability: Long-term Files []ListFilesSearchDomainFilesFile `json:"files"` } @@ -10570,7 +11231,7 @@ func (v *ListFilesSearchDomainRepository) GetFiles() []ListFilesSearchDomainFile // Represents information about a view, pulling data from one or several repositories. type ListFilesSearchDomainView struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // Stability: Long-term Files []ListFilesSearchDomainFilesFile `json:"files"` } @@ -10669,7 +11330,8 @@ type ListFilterAlertsSearchDomain interface { // GetFilterAlerts returns the interface-field "filterAlerts" from its implementation. // The GraphQL interface field's documentation follows. // - // Common interface for Repositories and Views. + // Saved filter alerts. + // Stability: Long-term GetFilterAlerts() []ListFilterAlertsSearchDomainFilterAlertsFilterAlert } @@ -10897,7 +11559,8 @@ func (v *ListFilterAlertsSearchDomainFilterAlertsFilterAlert) __premarshalJSON() // A repository stores ingested data, configures parsers and data retention policies. type ListFilterAlertsSearchDomainRepository struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // Saved filter alerts. + // Stability: Long-term FilterAlerts []ListFilterAlertsSearchDomainFilterAlertsFilterAlert `json:"filterAlerts"` } @@ -10915,7 +11578,8 @@ func (v *ListFilterAlertsSearchDomainRepository) GetFilterAlerts() []ListFilterA // Represents information about a view, pulling data from one or several repositories. type ListFilterAlertsSearchDomainView struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // Saved filter alerts. + // Stability: Long-term FilterAlerts []ListFilterAlertsSearchDomainFilterAlertsFilterAlert `json:"filterAlerts"` } @@ -11154,7 +11818,8 @@ type ListInstalledPackagesSearchDomain interface { // GetInstalledPackages returns the interface-field "installedPackages" from its implementation. // The GraphQL interface field's documentation follows. // - // Common interface for Repositories and Views. + // List packages installed on a specific view or repo. + // Stability: Long-term GetInstalledPackages() []ListInstalledPackagesSearchDomainInstalledPackagesPackageInstallation } @@ -11305,7 +11970,8 @@ func (v *ListInstalledPackagesSearchDomainInstalledPackagesPackageInstallationUp // A repository stores ingested data, configures parsers and data retention policies. type ListInstalledPackagesSearchDomainRepository struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // List packages installed on a specific view or repo. + // Stability: Long-term InstalledPackages []ListInstalledPackagesSearchDomainInstalledPackagesPackageInstallation `json:"installedPackages"` } @@ -11323,7 +11989,8 @@ func (v *ListInstalledPackagesSearchDomainRepository) GetInstalledPackages() []L // Represents information about a view, pulling data from one or several repositories. type ListInstalledPackagesSearchDomainView struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // List packages installed on a specific view or repo. + // Stability: Long-term InstalledPackages []ListInstalledPackagesSearchDomainInstalledPackagesPackageInstallation `json:"installedPackages"` } @@ -11598,7 +12265,8 @@ type ListScheduledSearchesSearchDomain interface { // GetScheduledSearches returns the interface-field "scheduledSearches" from its implementation. // The GraphQL interface field's documentation follows. // - // Common interface for Repositories and Views. + // Saved scheduled searches. + // Stability: Long-term GetScheduledSearches() []ListScheduledSearchesSearchDomainScheduledSearchesScheduledSearch } @@ -11670,7 +12338,8 @@ func __marshalListScheduledSearchesSearchDomain(v *ListScheduledSearchesSearchDo // A repository stores ingested data, configures parsers and data retention policies. type ListScheduledSearchesSearchDomainRepository struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // Saved scheduled searches. + // Stability: Long-term ScheduledSearches []ListScheduledSearchesSearchDomainScheduledSearchesScheduledSearch `json:"scheduledSearches"` } @@ -11869,7 +12538,8 @@ func (v *ListScheduledSearchesSearchDomainScheduledSearchesScheduledSearch) __pr // Represents information about a view, pulling data from one or several repositories. type ListScheduledSearchesSearchDomainView struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // Saved scheduled searches. + // Stability: Long-term ScheduledSearches []ListScheduledSearchesSearchDomainScheduledSearchesScheduledSearch `json:"scheduledSearches"` } @@ -11970,7 +12640,8 @@ type ListScheduledSearchesV2SearchDomain interface { // GetScheduledSearches returns the interface-field "scheduledSearches" from its implementation. // The GraphQL interface field's documentation follows. // - // Common interface for Repositories and Views. + // Saved scheduled searches. + // Stability: Long-term GetScheduledSearches() []ListScheduledSearchesV2SearchDomainScheduledSearchesScheduledSearch } @@ -12042,7 +12713,8 @@ func __marshalListScheduledSearchesV2SearchDomain(v *ListScheduledSearchesV2Sear // A repository stores ingested data, configures parsers and data retention policies. type ListScheduledSearchesV2SearchDomainRepository struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // Saved scheduled searches. + // Stability: Long-term ScheduledSearches []ListScheduledSearchesV2SearchDomainScheduledSearchesScheduledSearch `json:"scheduledSearches"` } @@ -12257,7 +12929,8 @@ func (v *ListScheduledSearchesV2SearchDomainScheduledSearchesScheduledSearch) __ // Represents information about a view, pulling data from one or several repositories. type ListScheduledSearchesV2SearchDomainView struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // Saved scheduled searches. + // Stability: Long-term ScheduledSearches []ListScheduledSearchesV2SearchDomainScheduledSearchesScheduledSearch `json:"scheduledSearches"` } @@ -12361,9 +13034,9 @@ func (v *ListSearchDomainsResponse) __premarshalJSON() (*__premarshalListSearchD // A repository stores ingested data, configures parsers and data retention policies. type ListSearchDomainsSearchDomainsRepository struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // Stability: Long-term Name string `json:"name"` - // Common interface for Repositories and Views. + // Stability: Long-term AutomaticSearch bool `json:"automaticSearch"` } @@ -12393,12 +13066,12 @@ type ListSearchDomainsSearchDomainsSearchDomain interface { // GetName returns the interface-field "name" from its implementation. // The GraphQL interface field's documentation follows. // - // Common interface for Repositories and Views. + // Stability: Long-term GetName() string // GetAutomaticSearch returns the interface-field "automaticSearch" from its implementation. // The GraphQL interface field's documentation follows. // - // Common interface for Repositories and Views. + // Stability: Long-term GetAutomaticSearch() bool } @@ -12470,9 +13143,9 @@ func __marshalListSearchDomainsSearchDomainsSearchDomain(v *ListSearchDomainsSea // Represents information about a view, pulling data from one or several repositories. type ListSearchDomainsSearchDomainsView struct { Typename *string `json:"__typename"` - // Common interface for Repositories and Views. + // Stability: Long-term Name string `json:"name"` - // Common interface for Repositories and Views. + // Stability: Long-term AutomaticSearch bool `json:"automaticSearch"` } @@ -12602,6 +13275,7 @@ func (v *ListUsersUsersUser) __premarshalJSON() (*__premarshalListUsersUsersUser type OrganizationPermission string const ( + OrganizationPermissionGeneratequeryexplanations OrganizationPermission = "GenerateQueryExplanations" OrganizationPermissionExportorganization OrganizationPermission = "ExportOrganization" OrganizationPermissionChangeorganizationpermissions OrganizationPermission = "ChangeOrganizationPermissions" OrganizationPermissionChangeidentityproviders OrganizationPermission = "ChangeIdentityProviders" @@ -12634,6 +13308,8 @@ const ( PackageInstallationSourceTypeHumiohub PackageInstallationSourceType = "HumioHub" // Stability: Long-term PackageInstallationSourceTypeZipfile PackageInstallationSourceType = "ZipFile" + // Stability: Short-term + PackageInstallationSourceTypeLogscaleassetresolutionservice PackageInstallationSourceType = "LogScaleAssetResolutionService" ) // ParserDetails includes the GraphQL fields of Parser requested by the fragment ParserDetails. @@ -12808,9 +13484,9 @@ func (v *ParserDetailsTestCasesParserTestCaseOutputAssertionsParserTestCaseAsser // Assertions on the shape of a given test case output event. It is a key-pair value, where the index of the output event is the key, and the assertions are the value. type ParserTestCaseAssertionsForOutputInput struct { - // Assertions on the shape of a given test case output event. It is a key-pair value, where the index of the output event is the key, and the assertions are the value. + // The index of the output event which the assertions should apply to. OutputEventIndex int `json:"outputEventIndex"` - // Assertions on the shape of a given test case output event. It is a key-pair value, where the index of the output event is the key, and the assertions are the value. + // Assertions on the shape of a given test case output event. Assertions ParserTestCaseOutputAssertionsInput `json:"assertions"` } @@ -12824,9 +13500,9 @@ func (v *ParserTestCaseAssertionsForOutputInput) GetAssertions() ParserTestCaseO // A test case for a parser. type ParserTestCaseInput struct { - // A test case for a parser. + // The event to parse and test on. Event ParserTestEventInput `json:"event"` - // A test case for a parser. + // Assertions on the shape of the test case output events. The list consists of key-value pairs to be treated as a map-construct, where the index of the output event is the key, and the assertions are the value. OutputAssertions []ParserTestCaseAssertionsForOutputInput `json:"outputAssertions"` } @@ -12840,9 +13516,9 @@ func (v *ParserTestCaseInput) GetOutputAssertions() []ParserTestCaseAssertionsFo // Assertions on the shape of a given test case output event. type ParserTestCaseOutputAssertionsInput struct { - // Assertions on the shape of a given test case output event. + // Names of fields which should not be present on the output event. FieldsNotPresent []string `json:"fieldsNotPresent"` - // Assertions on the shape of a given test case output event. + // Names of fields and their expected value on the output event. These are key-value pairs, and should be treated as a map-construct. FieldsHaveValues []FieldHasValueInput `json:"fieldsHaveValues"` } @@ -12858,7 +13534,7 @@ func (v *ParserTestCaseOutputAssertionsInput) GetFieldsHaveValues() []FieldHasVa // An event for a parser to parse during testing. type ParserTestEventInput struct { - // An event for a parser to parse during testing. + // The contents of the `@rawstring` field when the event begins parsing. RawString string `json:"rawString"` } @@ -12870,8 +13546,6 @@ type Permission string const ( PermissionChangeuseraccess Permission = "ChangeUserAccess" - // Permission to administer alerts, scheduled searches and actions - PermissionChangetriggersandactions Permission = "ChangeTriggersAndActions" // Permission to administer alerts and scheduled searches PermissionChangetriggers Permission = "ChangeTriggers" PermissionCreatetriggers Permission = "CreateTriggers" @@ -12898,6 +13572,7 @@ const ( PermissionUpdatesavedqueries Permission = "UpdateSavedQueries" PermissionDeletesavedqueries Permission = "DeleteSavedQueries" PermissionConnectview Permission = "ConnectView" + PermissionChangearchivingsettings Permission = "ChangeArchivingSettings" PermissionChangedatadeletionpermissions Permission = "ChangeDataDeletionPermissions" PermissionChangeretention Permission = "ChangeRetention" PermissionChangedefaultsearchsettings Permission = "ChangeDefaultSearchSettings" @@ -12937,7 +13612,8 @@ type QueryOwnership interface { // GetId returns the interface-field "id" from its implementation. // The GraphQL interface field's documentation follows. // - // Query ownership + // Id of organization or user owning and running the query + // Stability: Long-term GetId() string } @@ -13006,7 +13682,8 @@ func __marshalQueryOwnership(v *QueryOwnership) ([]byte, error) { // // Query ownership type QueryOwnershipOrganizationOwnership struct { - // Query ownership + // Id of organization or user owning and running the query + // Stability: Long-term Id string `json:"id"` } @@ -13028,7 +13705,8 @@ const ( // // Query ownership type QueryOwnershipUserOwnership struct { - // Query ownership + // Id of organization or user owning and running the query + // Stability: Long-term Id string `json:"id"` } @@ -13056,7 +13734,6 @@ func (v *RemoveFileRemoveFileBooleanResultType) GetTypename() *string { return v // RemoveFileResponse is returned by RemoveFile on success. type RemoveFileResponse struct { // Remove file - // Stability: Long-term RemoveFile RemoveFileRemoveFileBooleanResultType `json:"removeFile"` } @@ -13388,6 +14065,16 @@ type RotateTokenByIDResponse struct { // GetRotateToken returns RotateTokenByIDResponse.RotateToken, and is useful for accessing the field via an interface. func (v *RotateTokenByIDResponse) GetRotateToken() string { return v.RotateToken } +// Output format to use for S3 action +type S3ActionEventOutputFormat string + +const ( + // Use NDJSON when writing to S3 + S3ActionEventOutputFormatNdjson S3ActionEventOutputFormat = "NDJSON" + // Use CSV when writing to S3 + S3ActionEventOutputFormatCsv S3ActionEventOutputFormat = "CSV" +) + // The format to store archived segments in AWS S3. type S3ArchivingFormat string @@ -13625,6 +14312,7 @@ func (v *ScheduledSearchDetails) __premarshalJSON() (*__premarshalScheduledSearc // ScheduledSearchDetailsActionsV2HumioRepoAction // ScheduledSearchDetailsActionsV2OpsGenieAction // ScheduledSearchDetailsActionsV2PagerDutyAction +// ScheduledSearchDetailsActionsV2S3Action // ScheduledSearchDetailsActionsV2SlackAction // ScheduledSearchDetailsActionsV2SlackPostMessageAction // ScheduledSearchDetailsActionsV2UploadFileAction @@ -13640,7 +14328,8 @@ type ScheduledSearchDetailsActionsV2Action interface { // GetName returns the interface-field "name" from its implementation. // The GraphQL interface field's documentation follows. // - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term GetName() string } @@ -13652,6 +14341,8 @@ func (v *ScheduledSearchDetailsActionsV2OpsGenieAction) implementsGraphQLInterfa } func (v *ScheduledSearchDetailsActionsV2PagerDutyAction) implementsGraphQLInterfaceScheduledSearchDetailsActionsV2Action() { } +func (v *ScheduledSearchDetailsActionsV2S3Action) implementsGraphQLInterfaceScheduledSearchDetailsActionsV2Action() { +} func (v *ScheduledSearchDetailsActionsV2SlackAction) implementsGraphQLInterfaceScheduledSearchDetailsActionsV2Action() { } func (v *ScheduledSearchDetailsActionsV2SlackPostMessageAction) implementsGraphQLInterfaceScheduledSearchDetailsActionsV2Action() { @@ -13689,6 +14380,9 @@ func __unmarshalScheduledSearchDetailsActionsV2Action(b []byte, v *ScheduledSear case "PagerDutyAction": *v = new(ScheduledSearchDetailsActionsV2PagerDutyAction) return json.Unmarshal(b, *v) + case "S3Action": + *v = new(ScheduledSearchDetailsActionsV2S3Action) + return json.Unmarshal(b, *v) case "SlackAction": *v = new(ScheduledSearchDetailsActionsV2SlackAction) return json.Unmarshal(b, *v) @@ -13749,6 +14443,14 @@ func __marshalScheduledSearchDetailsActionsV2Action(v *ScheduledSearchDetailsAct *ScheduledSearchDetailsActionsV2PagerDutyAction }{typename, v} return json.Marshal(result) + case *ScheduledSearchDetailsActionsV2S3Action: + typename = "S3Action" + + result := struct { + TypeName string `json:"__typename"` + *ScheduledSearchDetailsActionsV2S3Action + }{typename, v} + return json.Marshal(result) case *ScheduledSearchDetailsActionsV2SlackAction: typename = "SlackAction" @@ -13803,7 +14505,8 @@ func __marshalScheduledSearchDetailsActionsV2Action(v *ScheduledSearchDetailsAct // An email action. type ScheduledSearchDetailsActionsV2EmailAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -13819,7 +14522,8 @@ func (v *ScheduledSearchDetailsActionsV2EmailAction) GetName() string { return v // A LogScale repository action. type ScheduledSearchDetailsActionsV2HumioRepoAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -13835,7 +14539,8 @@ func (v *ScheduledSearchDetailsActionsV2HumioRepoAction) GetName() string { retu // An OpsGenie action type ScheduledSearchDetailsActionsV2OpsGenieAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -13851,7 +14556,8 @@ func (v *ScheduledSearchDetailsActionsV2OpsGenieAction) GetName() string { retur // A PagerDuty action. type ScheduledSearchDetailsActionsV2PagerDutyAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -13861,13 +14567,31 @@ func (v *ScheduledSearchDetailsActionsV2PagerDutyAction) GetTypename() *string { // GetName returns ScheduledSearchDetailsActionsV2PagerDutyAction.Name, and is useful for accessing the field via an interface. func (v *ScheduledSearchDetailsActionsV2PagerDutyAction) GetName() string { return v.Name } +// ScheduledSearchDetailsActionsV2S3Action includes the requested fields of the GraphQL type S3Action. +// The GraphQL type's documentation follows. +// +// An S3 action +type ScheduledSearchDetailsActionsV2S3Action struct { + Typename *string `json:"__typename"` + // The name of the action. + // Stability: Long-term + Name string `json:"name"` +} + +// GetTypename returns ScheduledSearchDetailsActionsV2S3Action.Typename, and is useful for accessing the field via an interface. +func (v *ScheduledSearchDetailsActionsV2S3Action) GetTypename() *string { return v.Typename } + +// GetName returns ScheduledSearchDetailsActionsV2S3Action.Name, and is useful for accessing the field via an interface. +func (v *ScheduledSearchDetailsActionsV2S3Action) GetName() string { return v.Name } + // ScheduledSearchDetailsActionsV2SlackAction includes the requested fields of the GraphQL type SlackAction. // The GraphQL type's documentation follows. // // A Slack action type ScheduledSearchDetailsActionsV2SlackAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -13883,7 +14607,8 @@ func (v *ScheduledSearchDetailsActionsV2SlackAction) GetName() string { return v // A slack post-message action. type ScheduledSearchDetailsActionsV2SlackPostMessageAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -13901,7 +14626,8 @@ func (v *ScheduledSearchDetailsActionsV2SlackPostMessageAction) GetName() string // An upload file action. type ScheduledSearchDetailsActionsV2UploadFileAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -13917,7 +14643,8 @@ func (v *ScheduledSearchDetailsActionsV2UploadFileAction) GetName() string { ret // A VictorOps action. type ScheduledSearchDetailsActionsV2VictorOpsAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -13933,7 +14660,8 @@ func (v *ScheduledSearchDetailsActionsV2VictorOpsAction) GetName() string { retu // A webhook action type ScheduledSearchDetailsActionsV2WebhookAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -14197,6 +14925,7 @@ func (v *ScheduledSearchV2Details) __premarshalJSON() (*__premarshalScheduledSea // ScheduledSearchV2DetailsActionsV2HumioRepoAction // ScheduledSearchV2DetailsActionsV2OpsGenieAction // ScheduledSearchV2DetailsActionsV2PagerDutyAction +// ScheduledSearchV2DetailsActionsV2S3Action // ScheduledSearchV2DetailsActionsV2SlackAction // ScheduledSearchV2DetailsActionsV2SlackPostMessageAction // ScheduledSearchV2DetailsActionsV2UploadFileAction @@ -14212,7 +14941,8 @@ type ScheduledSearchV2DetailsActionsV2Action interface { // GetName returns the interface-field "name" from its implementation. // The GraphQL interface field's documentation follows. // - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term GetName() string } @@ -14224,6 +14954,8 @@ func (v *ScheduledSearchV2DetailsActionsV2OpsGenieAction) implementsGraphQLInter } func (v *ScheduledSearchV2DetailsActionsV2PagerDutyAction) implementsGraphQLInterfaceScheduledSearchV2DetailsActionsV2Action() { } +func (v *ScheduledSearchV2DetailsActionsV2S3Action) implementsGraphQLInterfaceScheduledSearchV2DetailsActionsV2Action() { +} func (v *ScheduledSearchV2DetailsActionsV2SlackAction) implementsGraphQLInterfaceScheduledSearchV2DetailsActionsV2Action() { } func (v *ScheduledSearchV2DetailsActionsV2SlackPostMessageAction) implementsGraphQLInterfaceScheduledSearchV2DetailsActionsV2Action() { @@ -14261,6 +14993,9 @@ func __unmarshalScheduledSearchV2DetailsActionsV2Action(b []byte, v *ScheduledSe case "PagerDutyAction": *v = new(ScheduledSearchV2DetailsActionsV2PagerDutyAction) return json.Unmarshal(b, *v) + case "S3Action": + *v = new(ScheduledSearchV2DetailsActionsV2S3Action) + return json.Unmarshal(b, *v) case "SlackAction": *v = new(ScheduledSearchV2DetailsActionsV2SlackAction) return json.Unmarshal(b, *v) @@ -14321,6 +15056,14 @@ func __marshalScheduledSearchV2DetailsActionsV2Action(v *ScheduledSearchV2Detail *ScheduledSearchV2DetailsActionsV2PagerDutyAction }{typename, v} return json.Marshal(result) + case *ScheduledSearchV2DetailsActionsV2S3Action: + typename = "S3Action" + + result := struct { + TypeName string `json:"__typename"` + *ScheduledSearchV2DetailsActionsV2S3Action + }{typename, v} + return json.Marshal(result) case *ScheduledSearchV2DetailsActionsV2SlackAction: typename = "SlackAction" @@ -14375,7 +15118,8 @@ func __marshalScheduledSearchV2DetailsActionsV2Action(v *ScheduledSearchV2Detail // An email action. type ScheduledSearchV2DetailsActionsV2EmailAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -14391,7 +15135,8 @@ func (v *ScheduledSearchV2DetailsActionsV2EmailAction) GetName() string { return // A LogScale repository action. type ScheduledSearchV2DetailsActionsV2HumioRepoAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -14407,7 +15152,8 @@ func (v *ScheduledSearchV2DetailsActionsV2HumioRepoAction) GetName() string { re // An OpsGenie action type ScheduledSearchV2DetailsActionsV2OpsGenieAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -14423,7 +15169,8 @@ func (v *ScheduledSearchV2DetailsActionsV2OpsGenieAction) GetName() string { ret // A PagerDuty action. type ScheduledSearchV2DetailsActionsV2PagerDutyAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -14433,13 +15180,31 @@ func (v *ScheduledSearchV2DetailsActionsV2PagerDutyAction) GetTypename() *string // GetName returns ScheduledSearchV2DetailsActionsV2PagerDutyAction.Name, and is useful for accessing the field via an interface. func (v *ScheduledSearchV2DetailsActionsV2PagerDutyAction) GetName() string { return v.Name } +// ScheduledSearchV2DetailsActionsV2S3Action includes the requested fields of the GraphQL type S3Action. +// The GraphQL type's documentation follows. +// +// An S3 action +type ScheduledSearchV2DetailsActionsV2S3Action struct { + Typename *string `json:"__typename"` + // The name of the action. + // Stability: Long-term + Name string `json:"name"` +} + +// GetTypename returns ScheduledSearchV2DetailsActionsV2S3Action.Typename, and is useful for accessing the field via an interface. +func (v *ScheduledSearchV2DetailsActionsV2S3Action) GetTypename() *string { return v.Typename } + +// GetName returns ScheduledSearchV2DetailsActionsV2S3Action.Name, and is useful for accessing the field via an interface. +func (v *ScheduledSearchV2DetailsActionsV2S3Action) GetName() string { return v.Name } + // ScheduledSearchV2DetailsActionsV2SlackAction includes the requested fields of the GraphQL type SlackAction. // The GraphQL type's documentation follows. // // A Slack action type ScheduledSearchV2DetailsActionsV2SlackAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -14455,7 +15220,8 @@ func (v *ScheduledSearchV2DetailsActionsV2SlackAction) GetName() string { return // A slack post-message action. type ScheduledSearchV2DetailsActionsV2SlackPostMessageAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -14473,7 +15239,8 @@ func (v *ScheduledSearchV2DetailsActionsV2SlackPostMessageAction) GetName() stri // An upload file action. type ScheduledSearchV2DetailsActionsV2UploadFileAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -14489,7 +15256,8 @@ func (v *ScheduledSearchV2DetailsActionsV2UploadFileAction) GetName() string { r // A VictorOps action. type ScheduledSearchV2DetailsActionsV2VictorOpsAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -14505,7 +15273,8 @@ func (v *ScheduledSearchV2DetailsActionsV2VictorOpsAction) GetName() string { re // A webhook action type ScheduledSearchV2DetailsActionsV2WebhookAction struct { Typename *string `json:"__typename"` - // An action that can be invoked from a trigger. + // The name of the action. + // Stability: Long-term Name string `json:"name"` } @@ -14750,9 +15519,9 @@ func (v *SharedQueryOwnershipTypeUserOwnership) __premarshalJSON() (*__premarsha // Slack message field entry. type SlackFieldEntryInput struct { - // Slack message field entry. + // Key of a Slack field. FieldName string `json:"fieldName"` - // Slack message field entry. + // Value of a Slack field. Value string `json:"value"` } @@ -15238,11 +16007,10 @@ func (v *UserDetails) GetCreatedAt() time.Time { return v.CreatedAt } // The repositories this view will read from. type ViewConnectionInput struct { - // The repositories this view will read from. + // The name of the connected repository. RepositoryName string `json:"repositoryName"` - // The repositories this view will read from. - Filter string `json:"filter"` - // The repositories this view will read from. + // The filter applied to all results from the repository. + Filter string `json:"filter"` LanguageVersion *LanguageVersionEnum `json:"languageVersion"` } @@ -15457,6 +16225,7 @@ type __CreateEmailActionInput struct { SubjectTemplate *string `json:"SubjectTemplate"` BodyTemplate *string `json:"BodyTemplate"` UseProxy bool `json:"UseProxy"` + Labels []string `json:"Labels"` } // GetSearchDomainName returns __CreateEmailActionInput.SearchDomainName, and is useful for accessing the field via an interface. @@ -15477,6 +16246,9 @@ func (v *__CreateEmailActionInput) GetBodyTemplate() *string { return v.BodyTemp // GetUseProxy returns __CreateEmailActionInput.UseProxy, and is useful for accessing the field via an interface. func (v *__CreateEmailActionInput) GetUseProxy() bool { return v.UseProxy } +// GetLabels returns __CreateEmailActionInput.Labels, and is useful for accessing the field via an interface. +func (v *__CreateEmailActionInput) GetLabels() []string { return v.Labels } + // __CreateFilterAlertInput is used internally by genqlient type __CreateFilterAlertInput struct { SearchDomainName string `json:"SearchDomainName"` @@ -15529,9 +16301,10 @@ func (v *__CreateFilterAlertInput) GetQueryOwnershipType() QueryOwnershipType { // __CreateHumioRepoActionInput is used internally by genqlient type __CreateHumioRepoActionInput struct { - SearchDomainName string `json:"SearchDomainName"` - ActionName string `json:"ActionName"` - IngestToken string `json:"IngestToken"` + SearchDomainName string `json:"SearchDomainName"` + ActionName string `json:"ActionName"` + IngestToken string `json:"IngestToken"` + Labels []string `json:"Labels"` } // GetSearchDomainName returns __CreateHumioRepoActionInput.SearchDomainName, and is useful for accessing the field via an interface. @@ -15543,13 +16316,17 @@ func (v *__CreateHumioRepoActionInput) GetActionName() string { return v.ActionN // GetIngestToken returns __CreateHumioRepoActionInput.IngestToken, and is useful for accessing the field via an interface. func (v *__CreateHumioRepoActionInput) GetIngestToken() string { return v.IngestToken } +// GetLabels returns __CreateHumioRepoActionInput.Labels, and is useful for accessing the field via an interface. +func (v *__CreateHumioRepoActionInput) GetLabels() []string { return v.Labels } + // __CreateOpsGenieActionInput is used internally by genqlient type __CreateOpsGenieActionInput struct { - SearchDomainName string `json:"SearchDomainName"` - ActionName string `json:"ActionName"` - ApiUrl string `json:"ApiUrl"` - GenieKey string `json:"GenieKey"` - UseProxy bool `json:"UseProxy"` + SearchDomainName string `json:"SearchDomainName"` + ActionName string `json:"ActionName"` + ApiUrl string `json:"ApiUrl"` + GenieKey string `json:"GenieKey"` + UseProxy bool `json:"UseProxy"` + Labels []string `json:"Labels"` } // GetSearchDomainName returns __CreateOpsGenieActionInput.SearchDomainName, and is useful for accessing the field via an interface. @@ -15567,13 +16344,17 @@ func (v *__CreateOpsGenieActionInput) GetGenieKey() string { return v.GenieKey } // GetUseProxy returns __CreateOpsGenieActionInput.UseProxy, and is useful for accessing the field via an interface. func (v *__CreateOpsGenieActionInput) GetUseProxy() bool { return v.UseProxy } +// GetLabels returns __CreateOpsGenieActionInput.Labels, and is useful for accessing the field via an interface. +func (v *__CreateOpsGenieActionInput) GetLabels() []string { return v.Labels } + // __CreatePagerDutyActionInput is used internally by genqlient type __CreatePagerDutyActionInput struct { - SearchDomainName string `json:"SearchDomainName"` - ActionName string `json:"ActionName"` - Severity string `json:"Severity"` - RoutingKey string `json:"RoutingKey"` - UseProxy bool `json:"UseProxy"` + SearchDomainName string `json:"SearchDomainName"` + ActionName string `json:"ActionName"` + Severity string `json:"Severity"` + RoutingKey string `json:"RoutingKey"` + UseProxy bool `json:"UseProxy"` + Labels []string `json:"Labels"` } // GetSearchDomainName returns __CreatePagerDutyActionInput.SearchDomainName, and is useful for accessing the field via an interface. @@ -15591,6 +16372,9 @@ func (v *__CreatePagerDutyActionInput) GetRoutingKey() string { return v.Routing // GetUseProxy returns __CreatePagerDutyActionInput.UseProxy, and is useful for accessing the field via an interface. func (v *__CreatePagerDutyActionInput) GetUseProxy() bool { return v.UseProxy } +// GetLabels returns __CreatePagerDutyActionInput.Labels, and is useful for accessing the field via an interface. +func (v *__CreatePagerDutyActionInput) GetLabels() []string { return v.Labels } + // __CreateParserInput is used internally by genqlient type __CreateParserInput struct { RepositoryName string `json:"RepositoryName"` @@ -15635,6 +16419,50 @@ type __CreateRepositoryInput struct { // GetRepositoryName returns __CreateRepositoryInput.RepositoryName, and is useful for accessing the field via an interface. func (v *__CreateRepositoryInput) GetRepositoryName() string { return v.RepositoryName } +// __CreateS3ActionInput is used internally by genqlient +type __CreateS3ActionInput struct { + SearchDomainName string `json:"SearchDomainName"` + ActionName string `json:"ActionName"` + RoleArn string `json:"RoleArn"` + AwsRegion string `json:"AwsRegion"` + BucketName string `json:"BucketName"` + FileName string `json:"FileName"` + OutputFormat S3ActionEventOutputFormat `json:"OutputFormat"` + OutputMetadata bool `json:"OutputMetadata"` + UseProxy bool `json:"UseProxy"` + Labels []string `json:"Labels"` +} + +// GetSearchDomainName returns __CreateS3ActionInput.SearchDomainName, and is useful for accessing the field via an interface. +func (v *__CreateS3ActionInput) GetSearchDomainName() string { return v.SearchDomainName } + +// GetActionName returns __CreateS3ActionInput.ActionName, and is useful for accessing the field via an interface. +func (v *__CreateS3ActionInput) GetActionName() string { return v.ActionName } + +// GetRoleArn returns __CreateS3ActionInput.RoleArn, and is useful for accessing the field via an interface. +func (v *__CreateS3ActionInput) GetRoleArn() string { return v.RoleArn } + +// GetAwsRegion returns __CreateS3ActionInput.AwsRegion, and is useful for accessing the field via an interface. +func (v *__CreateS3ActionInput) GetAwsRegion() string { return v.AwsRegion } + +// GetBucketName returns __CreateS3ActionInput.BucketName, and is useful for accessing the field via an interface. +func (v *__CreateS3ActionInput) GetBucketName() string { return v.BucketName } + +// GetFileName returns __CreateS3ActionInput.FileName, and is useful for accessing the field via an interface. +func (v *__CreateS3ActionInput) GetFileName() string { return v.FileName } + +// GetOutputFormat returns __CreateS3ActionInput.OutputFormat, and is useful for accessing the field via an interface. +func (v *__CreateS3ActionInput) GetOutputFormat() S3ActionEventOutputFormat { return v.OutputFormat } + +// GetOutputMetadata returns __CreateS3ActionInput.OutputMetadata, and is useful for accessing the field via an interface. +func (v *__CreateS3ActionInput) GetOutputMetadata() bool { return v.OutputMetadata } + +// GetUseProxy returns __CreateS3ActionInput.UseProxy, and is useful for accessing the field via an interface. +func (v *__CreateS3ActionInput) GetUseProxy() bool { return v.UseProxy } + +// GetLabels returns __CreateS3ActionInput.Labels, and is useful for accessing the field via an interface. +func (v *__CreateS3ActionInput) GetLabels() []string { return v.Labels } + // __CreateScheduledSearchInput is used internally by genqlient type __CreateScheduledSearchInput struct { SearchDomainName string `json:"SearchDomainName"` @@ -15780,6 +16608,7 @@ type __CreateSlackActionInput struct { Fields []SlackFieldEntryInput `json:"Fields"` Url string `json:"Url"` UseProxy bool `json:"UseProxy"` + Labels []string `json:"Labels"` } // GetSearchDomainName returns __CreateSlackActionInput.SearchDomainName, and is useful for accessing the field via an interface. @@ -15797,6 +16626,9 @@ func (v *__CreateSlackActionInput) GetUrl() string { return v.Url } // GetUseProxy returns __CreateSlackActionInput.UseProxy, and is useful for accessing the field via an interface. func (v *__CreateSlackActionInput) GetUseProxy() bool { return v.UseProxy } +// GetLabels returns __CreateSlackActionInput.Labels, and is useful for accessing the field via an interface. +func (v *__CreateSlackActionInput) GetLabels() []string { return v.Labels } + // __CreateSlackPostMessageActionInput is used internally by genqlient type __CreateSlackPostMessageActionInput struct { SearchDomainName string `json:"SearchDomainName"` @@ -15805,6 +16637,7 @@ type __CreateSlackPostMessageActionInput struct { Channels []string `json:"Channels"` Fields []SlackFieldEntryInput `json:"Fields"` UseProxy bool `json:"UseProxy"` + Labels []string `json:"Labels"` } // GetSearchDomainName returns __CreateSlackPostMessageActionInput.SearchDomainName, and is useful for accessing the field via an interface. @@ -15825,11 +16658,15 @@ func (v *__CreateSlackPostMessageActionInput) GetFields() []SlackFieldEntryInput // GetUseProxy returns __CreateSlackPostMessageActionInput.UseProxy, and is useful for accessing the field via an interface. func (v *__CreateSlackPostMessageActionInput) GetUseProxy() bool { return v.UseProxy } +// GetLabels returns __CreateSlackPostMessageActionInput.Labels, and is useful for accessing the field via an interface. +func (v *__CreateSlackPostMessageActionInput) GetLabels() []string { return v.Labels } + // __CreateUploadFileActionInput is used internally by genqlient type __CreateUploadFileActionInput struct { - SearchDomainName string `json:"SearchDomainName"` - ActionName string `json:"ActionName"` - FileName string `json:"FileName"` + SearchDomainName string `json:"SearchDomainName"` + ActionName string `json:"ActionName"` + FileName string `json:"FileName"` + Labels []string `json:"Labels"` } // GetSearchDomainName returns __CreateUploadFileActionInput.SearchDomainName, and is useful for accessing the field via an interface. @@ -15841,13 +16678,17 @@ func (v *__CreateUploadFileActionInput) GetActionName() string { return v.Action // GetFileName returns __CreateUploadFileActionInput.FileName, and is useful for accessing the field via an interface. func (v *__CreateUploadFileActionInput) GetFileName() string { return v.FileName } +// GetLabels returns __CreateUploadFileActionInput.Labels, and is useful for accessing the field via an interface. +func (v *__CreateUploadFileActionInput) GetLabels() []string { return v.Labels } + // __CreateVictorOpsActionInput is used internally by genqlient type __CreateVictorOpsActionInput struct { - SearchDomainName string `json:"SearchDomainName"` - ActionName string `json:"ActionName"` - MessageType string `json:"MessageType"` - NotifyUrl string `json:"NotifyUrl"` - UseProxy bool `json:"UseProxy"` + SearchDomainName string `json:"SearchDomainName"` + ActionName string `json:"ActionName"` + MessageType string `json:"MessageType"` + NotifyUrl string `json:"NotifyUrl"` + UseProxy bool `json:"UseProxy"` + Labels []string `json:"Labels"` } // GetSearchDomainName returns __CreateVictorOpsActionInput.SearchDomainName, and is useful for accessing the field via an interface. @@ -15865,6 +16706,9 @@ func (v *__CreateVictorOpsActionInput) GetNotifyUrl() string { return v.NotifyUr // GetUseProxy returns __CreateVictorOpsActionInput.UseProxy, and is useful for accessing the field via an interface. func (v *__CreateVictorOpsActionInput) GetUseProxy() bool { return v.UseProxy } +// GetLabels returns __CreateVictorOpsActionInput.Labels, and is useful for accessing the field via an interface. +func (v *__CreateVictorOpsActionInput) GetLabels() []string { return v.Labels } + // __CreateViewInput is used internally by genqlient type __CreateViewInput struct { ViewName string `json:"ViewName"` @@ -15891,6 +16735,7 @@ type __CreateWebhookActionInput struct { BodyTemplate string `json:"BodyTemplate"` IgnoreSSL bool `json:"IgnoreSSL"` UseProxy bool `json:"UseProxy"` + Labels []string `json:"Labels"` } // GetSearchDomainName returns __CreateWebhookActionInput.SearchDomainName, and is useful for accessing the field via an interface. @@ -15917,6 +16762,9 @@ func (v *__CreateWebhookActionInput) GetIgnoreSSL() bool { return v.IgnoreSSL } // GetUseProxy returns __CreateWebhookActionInput.UseProxy, and is useful for accessing the field via an interface. func (v *__CreateWebhookActionInput) GetUseProxy() bool { return v.UseProxy } +// GetLabels returns __CreateWebhookActionInput.Labels, and is useful for accessing the field via an interface. +func (v *__CreateWebhookActionInput) GetLabels() []string { return v.Labels } + // __DeleteActionByIDInput is used internally by genqlient type __DeleteActionByIDInput struct { SearchDomainName string `json:"SearchDomainName"` @@ -16189,58 +17037,6 @@ type __GetUsersByUsernameInput struct { // GetUsername returns __GetUsersByUsernameInput.Username, and is useful for accessing the field via an interface. func (v *__GetUsersByUsernameInput) GetUsername() string { return v.Username } -// __LegacyCreateParserInput is used internally by genqlient -type __LegacyCreateParserInput struct { - RepositoryName string `json:"RepositoryName"` - Name string `json:"Name"` - TestData []string `json:"TestData"` - TagFields []string `json:"TagFields"` - SourceCode string `json:"SourceCode"` - Force bool `json:"Force"` -} - -// GetRepositoryName returns __LegacyCreateParserInput.RepositoryName, and is useful for accessing the field via an interface. -func (v *__LegacyCreateParserInput) GetRepositoryName() string { return v.RepositoryName } - -// GetName returns __LegacyCreateParserInput.Name, and is useful for accessing the field via an interface. -func (v *__LegacyCreateParserInput) GetName() string { return v.Name } - -// GetTestData returns __LegacyCreateParserInput.TestData, and is useful for accessing the field via an interface. -func (v *__LegacyCreateParserInput) GetTestData() []string { return v.TestData } - -// GetTagFields returns __LegacyCreateParserInput.TagFields, and is useful for accessing the field via an interface. -func (v *__LegacyCreateParserInput) GetTagFields() []string { return v.TagFields } - -// GetSourceCode returns __LegacyCreateParserInput.SourceCode, and is useful for accessing the field via an interface. -func (v *__LegacyCreateParserInput) GetSourceCode() string { return v.SourceCode } - -// GetForce returns __LegacyCreateParserInput.Force, and is useful for accessing the field via an interface. -func (v *__LegacyCreateParserInput) GetForce() bool { return v.Force } - -// __LegacyDeleteParserByIDInput is used internally by genqlient -type __LegacyDeleteParserByIDInput struct { - RepositoryName string `json:"RepositoryName"` - ParserID string `json:"ParserID"` -} - -// GetRepositoryName returns __LegacyDeleteParserByIDInput.RepositoryName, and is useful for accessing the field via an interface. -func (v *__LegacyDeleteParserByIDInput) GetRepositoryName() string { return v.RepositoryName } - -// GetParserID returns __LegacyDeleteParserByIDInput.ParserID, and is useful for accessing the field via an interface. -func (v *__LegacyDeleteParserByIDInput) GetParserID() string { return v.ParserID } - -// __LegacyGetParserInput is used internally by genqlient -type __LegacyGetParserInput struct { - RepositoryName string `json:"RepositoryName"` - ParserName string `json:"ParserName"` -} - -// GetRepositoryName returns __LegacyGetParserInput.RepositoryName, and is useful for accessing the field via an interface. -func (v *__LegacyGetParserInput) GetRepositoryName() string { return v.RepositoryName } - -// GetParserName returns __LegacyGetParserInput.ParserName, and is useful for accessing the field via an interface. -func (v *__LegacyGetParserInput) GetParserName() string { return v.ParserName } - // __ListActionsInput is used internally by genqlient type __ListActionsInput struct { SearchDomainName string `json:"SearchDomainName"` @@ -16825,7 +17621,6 @@ fragment AlertDetails on Alert { queryStart throttleField timeOfLastTrigger - isStarred description throttleTimeMillis enabled @@ -16892,14 +17687,15 @@ func CreateAlert( // The query or mutation executed by CreateEmailAction. const CreateEmailAction_Operation = ` -mutation CreateEmailAction ($SearchDomainName: String!, $ActionName: String!, $Recipients: [String!]!, $SubjectTemplate: String, $BodyTemplate: String, $UseProxy: Boolean!) { - createEmailAction(input: {viewName:$SearchDomainName,name:$ActionName,recipients:$Recipients,subjectTemplate:$SubjectTemplate,bodyTemplate:$BodyTemplate,useProxy:$UseProxy}) { +mutation CreateEmailAction ($SearchDomainName: String!, $ActionName: String!, $Recipients: [String!]!, $SubjectTemplate: String, $BodyTemplate: String, $UseProxy: Boolean!, $Labels: [String!]) { + createEmailAction(input: {viewName:$SearchDomainName,name:$ActionName,recipients:$Recipients,subjectTemplate:$SubjectTemplate,bodyTemplate:$BodyTemplate,useProxy:$UseProxy,labels:$Labels}) { id name recipients subjectTemplate bodyTemplate useProxy + labels } } ` @@ -16913,6 +17709,7 @@ func CreateEmailAction( SubjectTemplate *string, BodyTemplate *string, UseProxy bool, + Labels []string, ) (*CreateEmailActionResponse, error) { req_ := &graphql.Request{ OpName: "CreateEmailAction", @@ -16924,6 +17721,7 @@ func CreateEmailAction( SubjectTemplate: SubjectTemplate, BodyTemplate: BodyTemplate, UseProxy: UseProxy, + Labels: Labels, }, } var err_ error @@ -17018,11 +17816,12 @@ func CreateFilterAlert( // The query or mutation executed by CreateHumioRepoAction. const CreateHumioRepoAction_Operation = ` -mutation CreateHumioRepoAction ($SearchDomainName: String!, $ActionName: String!, $IngestToken: String!) { - createHumioRepoAction(input: {viewName:$SearchDomainName,name:$ActionName,ingestToken:$IngestToken}) { +mutation CreateHumioRepoAction ($SearchDomainName: String!, $ActionName: String!, $IngestToken: String!, $Labels: [String!]) { + createHumioRepoAction(input: {viewName:$SearchDomainName,name:$ActionName,ingestToken:$IngestToken,labels:$Labels}) { id name ingestToken + labels } } ` @@ -17033,6 +17832,7 @@ func CreateHumioRepoAction( SearchDomainName string, ActionName string, IngestToken string, + Labels []string, ) (*CreateHumioRepoActionResponse, error) { req_ := &graphql.Request{ OpName: "CreateHumioRepoAction", @@ -17041,6 +17841,7 @@ func CreateHumioRepoAction( SearchDomainName: SearchDomainName, ActionName: ActionName, IngestToken: IngestToken, + Labels: Labels, }, } var err_ error @@ -17059,13 +17860,14 @@ func CreateHumioRepoAction( // The query or mutation executed by CreateOpsGenieAction. const CreateOpsGenieAction_Operation = ` -mutation CreateOpsGenieAction ($SearchDomainName: String!, $ActionName: String!, $ApiUrl: String!, $GenieKey: String!, $UseProxy: Boolean!) { - createOpsGenieAction(input: {viewName:$SearchDomainName,name:$ActionName,apiUrl:$ApiUrl,genieKey:$GenieKey,useProxy:$UseProxy}) { +mutation CreateOpsGenieAction ($SearchDomainName: String!, $ActionName: String!, $ApiUrl: String!, $GenieKey: String!, $UseProxy: Boolean!, $Labels: [String!]) { + createOpsGenieAction(input: {viewName:$SearchDomainName,name:$ActionName,apiUrl:$ApiUrl,genieKey:$GenieKey,useProxy:$UseProxy,labels:$Labels}) { id name apiUrl genieKey useProxy + labels } } ` @@ -17078,6 +17880,7 @@ func CreateOpsGenieAction( ApiUrl string, GenieKey string, UseProxy bool, + Labels []string, ) (*CreateOpsGenieActionResponse, error) { req_ := &graphql.Request{ OpName: "CreateOpsGenieAction", @@ -17088,6 +17891,7 @@ func CreateOpsGenieAction( ApiUrl: ApiUrl, GenieKey: GenieKey, UseProxy: UseProxy, + Labels: Labels, }, } var err_ error @@ -17106,13 +17910,14 @@ func CreateOpsGenieAction( // The query or mutation executed by CreatePagerDutyAction. const CreatePagerDutyAction_Operation = ` -mutation CreatePagerDutyAction ($SearchDomainName: String!, $ActionName: String!, $Severity: String!, $RoutingKey: String!, $UseProxy: Boolean!) { - createPagerDutyAction(input: {viewName:$SearchDomainName,name:$ActionName,severity:$Severity,routingKey:$RoutingKey,useProxy:$UseProxy}) { +mutation CreatePagerDutyAction ($SearchDomainName: String!, $ActionName: String!, $Severity: String!, $RoutingKey: String!, $UseProxy: Boolean!, $Labels: [String!]) { + createPagerDutyAction(input: {viewName:$SearchDomainName,name:$ActionName,severity:$Severity,routingKey:$RoutingKey,useProxy:$UseProxy,labels:$Labels}) { id name severity routingKey useProxy + labels } } ` @@ -17125,6 +17930,7 @@ func CreatePagerDutyAction( Severity string, RoutingKey string, UseProxy bool, + Labels []string, ) (*CreatePagerDutyActionResponse, error) { req_ := &graphql.Request{ OpName: "CreatePagerDutyAction", @@ -17135,6 +17941,7 @@ func CreatePagerDutyAction( Severity: Severity, RoutingKey: RoutingKey, UseProxy: UseProxy, + Labels: Labels, }, } var err_ error @@ -17276,6 +18083,68 @@ func CreateRepository( return &data_, err_ } +// The query or mutation executed by CreateS3Action. +const CreateS3Action_Operation = ` +mutation CreateS3Action ($SearchDomainName: RepoOrViewName!, $ActionName: String!, $RoleArn: String!, $AwsRegion: String!, $BucketName: String!, $FileName: String!, $OutputFormat: S3ActionEventOutputFormat!, $OutputMetadata: Boolean!, $UseProxy: Boolean!, $Labels: [String!]) { + createS3Action(input: {viewName:$SearchDomainName,name:$ActionName,roleArn:$RoleArn,awsRegion:$AwsRegion,bucketName:$BucketName,fileName:$FileName,outputFormat:$OutputFormat,outputMetadata:$OutputMetadata,useProxy:$UseProxy,labels:$Labels}) { + id + name + roleArn + awsRegion + bucketName + fileName + outputFormat + outputMetadata + useProxy + labels + } +} +` + +func CreateS3Action( + ctx_ context.Context, + client_ graphql.Client, + SearchDomainName string, + ActionName string, + RoleArn string, + AwsRegion string, + BucketName string, + FileName string, + OutputFormat S3ActionEventOutputFormat, + OutputMetadata bool, + UseProxy bool, + Labels []string, +) (*CreateS3ActionResponse, error) { + req_ := &graphql.Request{ + OpName: "CreateS3Action", + Query: CreateS3Action_Operation, + Variables: &__CreateS3ActionInput{ + SearchDomainName: SearchDomainName, + ActionName: ActionName, + RoleArn: RoleArn, + AwsRegion: AwsRegion, + BucketName: BucketName, + FileName: FileName, + OutputFormat: OutputFormat, + OutputMetadata: OutputMetadata, + UseProxy: UseProxy, + Labels: Labels, + }, + } + var err_ error + + var data_ CreateS3ActionResponse + resp_ := &graphql.Response{Data: &data_} + + err_ = client_.MakeRequest( + ctx_, + req_, + resp_, + ) + + return &data_, err_ +} + // The query or mutation executed by CreateScheduledSearch. const CreateScheduledSearch_Operation = ` mutation CreateScheduledSearch ($SearchDomainName: String!, $Name: String!, $Description: String, $QueryString: String!, $QueryStart: String!, $QueryEnd: String!, $Schedule: String!, $TimeZone: String!, $BackfillLimit: Int!, $Enabled: Boolean!, $ActionIdsOrNames: [String!]!, $RunAsUserID: String, $Labels: [String!]!, $QueryOwnershipType: QueryOwnershipType) { @@ -17454,8 +18323,8 @@ func CreateScheduledSearchV2( // The query or mutation executed by CreateSlackAction. const CreateSlackAction_Operation = ` -mutation CreateSlackAction ($SearchDomainName: String!, $ActionName: String!, $Fields: [SlackFieldEntryInput!]!, $Url: String!, $UseProxy: Boolean!) { - createSlackAction(input: {viewName:$SearchDomainName,name:$ActionName,fields:$Fields,url:$Url,useProxy:$UseProxy}) { +mutation CreateSlackAction ($SearchDomainName: String!, $ActionName: String!, $Fields: [SlackFieldEntryInput!]!, $Url: String!, $UseProxy: Boolean!, $Labels: [String!]) { + createSlackAction(input: {viewName:$SearchDomainName,name:$ActionName,fields:$Fields,url:$Url,useProxy:$UseProxy,labels:$Labels}) { id name fields { @@ -17464,6 +18333,7 @@ mutation CreateSlackAction ($SearchDomainName: String!, $ActionName: String!, $F } url useProxy + labels } } ` @@ -17476,6 +18346,7 @@ func CreateSlackAction( Fields []SlackFieldEntryInput, Url string, UseProxy bool, + Labels []string, ) (*CreateSlackActionResponse, error) { req_ := &graphql.Request{ OpName: "CreateSlackAction", @@ -17486,6 +18357,7 @@ func CreateSlackAction( Fields: Fields, Url: Url, UseProxy: UseProxy, + Labels: Labels, }, } var err_ error @@ -17504,8 +18376,8 @@ func CreateSlackAction( // The query or mutation executed by CreateSlackPostMessageAction. const CreateSlackPostMessageAction_Operation = ` -mutation CreateSlackPostMessageAction ($SearchDomainName: String!, $ActionName: String!, $ApiToken: String!, $Channels: [String!]!, $Fields: [SlackFieldEntryInput!]!, $UseProxy: Boolean!) { - createSlackPostMessageAction(input: {viewName:$SearchDomainName,name:$ActionName,apiToken:$ApiToken,channels:$Channels,fields:$Fields,useProxy:$UseProxy}) { +mutation CreateSlackPostMessageAction ($SearchDomainName: String!, $ActionName: String!, $ApiToken: String!, $Channels: [String!]!, $Fields: [SlackFieldEntryInput!]!, $UseProxy: Boolean!, $Labels: [String!]) { + createSlackPostMessageAction(input: {viewName:$SearchDomainName,name:$ActionName,apiToken:$ApiToken,channels:$Channels,fields:$Fields,useProxy:$UseProxy,labels:$Labels}) { id name apiToken @@ -17515,6 +18387,7 @@ mutation CreateSlackPostMessageAction ($SearchDomainName: String!, $ActionName: fieldName } useProxy + labels } } ` @@ -17528,6 +18401,7 @@ func CreateSlackPostMessageAction( Channels []string, Fields []SlackFieldEntryInput, UseProxy bool, + Labels []string, ) (*CreateSlackPostMessageActionResponse, error) { req_ := &graphql.Request{ OpName: "CreateSlackPostMessageAction", @@ -17539,6 +18413,7 @@ func CreateSlackPostMessageAction( Channels: Channels, Fields: Fields, UseProxy: UseProxy, + Labels: Labels, }, } var err_ error @@ -17557,11 +18432,12 @@ func CreateSlackPostMessageAction( // The query or mutation executed by CreateUploadFileAction. const CreateUploadFileAction_Operation = ` -mutation CreateUploadFileAction ($SearchDomainName: String!, $ActionName: String!, $FileName: String!) { - createUploadFileAction(input: {viewName:$SearchDomainName,name:$ActionName,fileName:$FileName}) { +mutation CreateUploadFileAction ($SearchDomainName: String!, $ActionName: String!, $FileName: String!, $Labels: [String!]) { + createUploadFileAction(input: {viewName:$SearchDomainName,name:$ActionName,fileName:$FileName,labels:$Labels}) { id name fileName + labels } } ` @@ -17572,6 +18448,7 @@ func CreateUploadFileAction( SearchDomainName string, ActionName string, FileName string, + Labels []string, ) (*CreateUploadFileActionResponse, error) { req_ := &graphql.Request{ OpName: "CreateUploadFileAction", @@ -17580,6 +18457,7 @@ func CreateUploadFileAction( SearchDomainName: SearchDomainName, ActionName: ActionName, FileName: FileName, + Labels: Labels, }, } var err_ error @@ -17598,13 +18476,14 @@ func CreateUploadFileAction( // The query or mutation executed by CreateVictorOpsAction. const CreateVictorOpsAction_Operation = ` -mutation CreateVictorOpsAction ($SearchDomainName: String!, $ActionName: String!, $MessageType: String!, $NotifyUrl: String!, $UseProxy: Boolean!) { - createVictorOpsAction(input: {viewName:$SearchDomainName,name:$ActionName,messageType:$MessageType,notifyUrl:$NotifyUrl,useProxy:$UseProxy}) { +mutation CreateVictorOpsAction ($SearchDomainName: String!, $ActionName: String!, $MessageType: String!, $NotifyUrl: String!, $UseProxy: Boolean!, $Labels: [String!]) { + createVictorOpsAction(input: {viewName:$SearchDomainName,name:$ActionName,messageType:$MessageType,notifyUrl:$NotifyUrl,useProxy:$UseProxy,labels:$Labels}) { id name messageType notifyUrl useProxy + labels } } ` @@ -17617,6 +18496,7 @@ func CreateVictorOpsAction( MessageType string, NotifyUrl string, UseProxy bool, + Labels []string, ) (*CreateVictorOpsActionResponse, error) { req_ := &graphql.Request{ OpName: "CreateVictorOpsAction", @@ -17627,6 +18507,7 @@ func CreateVictorOpsAction( MessageType: MessageType, NotifyUrl: NotifyUrl, UseProxy: UseProxy, + Labels: Labels, }, } var err_ error @@ -17684,8 +18565,8 @@ func CreateView( // The query or mutation executed by CreateWebhookAction. const CreateWebhookAction_Operation = ` -mutation CreateWebhookAction ($SearchDomainName: String!, $ActionName: String!, $Url: String!, $Method: String!, $Headers: [HttpHeaderEntryInput!]!, $BodyTemplate: String!, $IgnoreSSL: Boolean!, $UseProxy: Boolean!) { - createWebhookAction(input: {viewName:$SearchDomainName,name:$ActionName,url:$Url,method:$Method,headers:$Headers,bodyTemplate:$BodyTemplate,ignoreSSL:$IgnoreSSL,useProxy:$UseProxy}) { +mutation CreateWebhookAction ($SearchDomainName: String!, $ActionName: String!, $Url: String!, $Method: String!, $Headers: [HttpHeaderEntryInput!]!, $BodyTemplate: String!, $IgnoreSSL: Boolean!, $UseProxy: Boolean!, $Labels: [String!]) { + createWebhookAction(input: {viewName:$SearchDomainName,name:$ActionName,url:$Url,method:$Method,headers:$Headers,bodyTemplate:$BodyTemplate,ignoreSSL:$IgnoreSSL,useProxy:$UseProxy,labels:$Labels}) { id name url @@ -17697,6 +18578,7 @@ mutation CreateWebhookAction ($SearchDomainName: String!, $ActionName: String!, bodyTemplate ignoreSSL useProxy + labels } } ` @@ -17712,6 +18594,7 @@ func CreateWebhookAction( BodyTemplate string, IgnoreSSL bool, UseProxy bool, + Labels []string, ) (*CreateWebhookActionResponse, error) { req_ := &graphql.Request{ OpName: "CreateWebhookAction", @@ -17725,6 +18608,7 @@ func CreateWebhookAction( BodyTemplate: BodyTemplate, IgnoreSSL: IgnoreSSL, UseProxy: UseProxy, + Labels: Labels, }, } var err_ error @@ -18320,19 +19204,23 @@ fragment ActionDetails on Action { subjectTemplate emailBodyTemplate: bodyTemplate useProxy + labels } ... on HumioRepoAction { ingestToken + labels } ... on OpsGenieAction { apiUrl genieKey useProxy + labels } ... on PagerDutyAction { severity routingKey useProxy + labels } ... on SlackAction { url @@ -18341,6 +19229,7 @@ fragment ActionDetails on Action { value } useProxy + labels } ... on SlackPostMessageAction { apiToken @@ -18350,14 +19239,17 @@ fragment ActionDetails on Action { value } useProxy + labels } ... on VictorOpsAction { messageType notifyUrl useProxy + labels } ... on UploadFileAction { fileName + labels } ... on WebhookAction { method @@ -18369,6 +19261,17 @@ fragment ActionDetails on Action { WebhookBodyTemplate: bodyTemplate ignoreSSL useProxy + labels + } + ... on S3Action { + roleArn + awsRegion + bucketName + fileName + outputFormat + outputMetadata + useProxy + labels } } ` @@ -18987,158 +19890,6 @@ func GetUsersByUsername( return &data_, err_ } -// The query or mutation executed by LegacyCreateParser. -const LegacyCreateParser_Operation = ` -mutation LegacyCreateParser ($RepositoryName: String!, $Name: String!, $TestData: [String!]!, $TagFields: [String!]!, $SourceCode: String!, $Force: Boolean!) { - createParser(input: {name:$Name,repositoryName:$RepositoryName,testData:$TestData,tagFields:$TagFields,sourceCode:$SourceCode,force:$Force}) { - parser { - ... ParserDetails - } - } -} -fragment ParserDetails on Parser { - id - name - displayName - description - isBuiltIn - script - fieldsToTag - fieldsToBeRemovedBeforeParsing - testCases { - event { - rawString - } - outputAssertions { - assertions { - fieldsHaveValues { - fieldName - expectedValue - } - fieldsNotPresent - } - outputEventIndex - } - } -} -` - -func LegacyCreateParser( - ctx_ context.Context, - client_ graphql.Client, - RepositoryName string, - Name string, - TestData []string, - TagFields []string, - SourceCode string, - Force bool, -) (*LegacyCreateParserResponse, error) { - req_ := &graphql.Request{ - OpName: "LegacyCreateParser", - Query: LegacyCreateParser_Operation, - Variables: &__LegacyCreateParserInput{ - RepositoryName: RepositoryName, - Name: Name, - TestData: TestData, - TagFields: TagFields, - SourceCode: SourceCode, - Force: Force, - }, - } - var err_ error - - var data_ LegacyCreateParserResponse - resp_ := &graphql.Response{Data: &data_} - - err_ = client_.MakeRequest( - ctx_, - req_, - resp_, - ) - - return &data_, err_ -} - -// The query or mutation executed by LegacyDeleteParserByID. -const LegacyDeleteParserByID_Operation = ` -mutation LegacyDeleteParserByID ($RepositoryName: String!, $ParserID: String!) { - removeParser(input: {repositoryName:$RepositoryName,id:$ParserID}) { - __typename - } -} -` - -func LegacyDeleteParserByID( - ctx_ context.Context, - client_ graphql.Client, - RepositoryName string, - ParserID string, -) (*LegacyDeleteParserByIDResponse, error) { - req_ := &graphql.Request{ - OpName: "LegacyDeleteParserByID", - Query: LegacyDeleteParserByID_Operation, - Variables: &__LegacyDeleteParserByIDInput{ - RepositoryName: RepositoryName, - ParserID: ParserID, - }, - } - var err_ error - - var data_ LegacyDeleteParserByIDResponse - resp_ := &graphql.Response{Data: &data_} - - err_ = client_.MakeRequest( - ctx_, - req_, - resp_, - ) - - return &data_, err_ -} - -// The query or mutation executed by LegacyGetParser. -const LegacyGetParser_Operation = ` -query LegacyGetParser ($RepositoryName: String!, $ParserName: String!) { - repository(name: $RepositoryName) { - parser(name: $ParserName) { - id - name - sourceCode - testData - tagFields - } - } -} -` - -func LegacyGetParser( - ctx_ context.Context, - client_ graphql.Client, - RepositoryName string, - ParserName string, -) (*LegacyGetParserResponse, error) { - req_ := &graphql.Request{ - OpName: "LegacyGetParser", - Query: LegacyGetParser_Operation, - Variables: &__LegacyGetParserInput{ - RepositoryName: RepositoryName, - ParserName: ParserName, - }, - } - var err_ error - - var data_ LegacyGetParserResponse - resp_ := &graphql.Response{Data: &data_} - - err_ = client_.MakeRequest( - ctx_, - req_, - resp_, - ) - - return &data_, err_ -} - // The query or mutation executed by ListActions. const ListActions_Operation = ` query ListActions ($SearchDomainName: String!) { @@ -19158,19 +19909,23 @@ fragment ActionDetails on Action { subjectTemplate emailBodyTemplate: bodyTemplate useProxy + labels } ... on HumioRepoAction { ingestToken + labels } ... on OpsGenieAction { apiUrl genieKey useProxy + labels } ... on PagerDutyAction { severity routingKey useProxy + labels } ... on SlackAction { url @@ -19179,6 +19934,7 @@ fragment ActionDetails on Action { value } useProxy + labels } ... on SlackPostMessageAction { apiToken @@ -19188,14 +19944,17 @@ fragment ActionDetails on Action { value } useProxy + labels } ... on VictorOpsAction { messageType notifyUrl useProxy + labels } ... on UploadFileAction { fileName + labels } ... on WebhookAction { method @@ -19207,6 +19966,17 @@ fragment ActionDetails on Action { WebhookBodyTemplate: bodyTemplate ignoreSSL useProxy + labels + } + ... on S3Action { + roleArn + awsRegion + bucketName + fileName + outputFormat + outputMetadata + useProxy + labels } } ` @@ -19316,7 +20086,6 @@ fragment AlertDetails on Alert { queryStart throttleField timeOfLastTrigger - isStarred description throttleTimeMillis enabled diff --git a/internal/api/humiographql/schema/_schema.graphql b/internal/api/humiographql/schema/_schema.graphql index c0f559d..a2e4556 100644 --- a/internal/api/humiographql/schema/_schema.graphql +++ b/internal/api/humiographql/schema/_schema.graphql @@ -1,712 +1,1978 @@ -""" -Directs the executor to include this field or fragment only when the `if` argument is true. -""" -directive @include( -""" -Included when true. -""" - if: Boolean! -) on FIELD | FRAGMENT_SPREAD | INLINE_FRAGMENT +"Shows the current configuration for ingest feeds that uses AWS S3 and SQS." +type AWSS3SQSConfiguration { + """ + Is true if configuration is setup for AWS S3 SQS ingest feeds. + Stability: Long-term + """ + isAuthConfigured: Boolean! @stability(level: LongTerm) +} -""" -Directs the executor to skip this field or fragment when the `if` argument is true. -""" -directive @skip( -""" -Included when true. -""" - if: Boolean! -) on FIELD | FRAGMENT_SPREAD | INLINE_FRAGMENT +type AccessTokenValidatorResultType { + "Stability: Long-term" + sessionId: String @stability(level: LongTerm) -""" -Marks an element of a GraphQL schema as no longer supported. -""" -directive @deprecated( -""" -Explains why this element was deprecated, usually also including a suggestion for how to access supported similar data. Formatted in [Markdown](https://daringfireball.net/projects/markdown/). -""" - reason: String -) on ENUM_VALUE | FIELD_DEFINITION + "Stability: Long-term" + showTermsAndConditions: ShowTermsAndConditions @stability(level: LongTerm) +} -""" -Marks the stability level of the field or enum value. -""" -directive @stability( - level: StabilityLevel! -) on ENUM_VALUE | FIELD_DEFINITION | INPUT_FIELD_DEFINITION +"A user account." +type Account { + "Stability: Long-term" + id: String! @stability(level: LongTerm) -""" -Data for updating action security policies -""" + "Stability: Long-term" + enabledFeaturesForAccount: [FeatureFlag!]! @stability(level: LongTerm) + + "Stability: Long-term" + username: String! @stability(level: LongTerm) + + "Stability: Long-term" + isRoot: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + isOrganizationRoot: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + fullName: String @stability(level: LongTerm) + + "Stability: Long-term" + firstName: String @stability(level: LongTerm) + + "Stability: Long-term" + lastName: String @stability(level: LongTerm) + + "Stability: Long-term" + phoneNumber: String @stability(level: LongTerm) + + "Stability: Long-term" + email: String @stability(level: LongTerm) + + "Stability: Long-term" + picture: String @stability(level: LongTerm) + + "Stability: Long-term" + settings: UserSettings! @stability(level: LongTerm) + + "Stability: Long-term" + createdAt: DateTime! @stability(level: LongTerm) + + "Stability: Long-term" + countryCode: String @stability(level: LongTerm) + + "Stability: Long-term" + stateCode: String @stability(level: LongTerm) + + "Stability: Long-term" + company: String @stability(level: LongTerm) + + "Stability: Long-term" + canCreateCloudTrialRepo: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + isCloudProAccount: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + canCreateRepo: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + externalPermissions: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + externalGroupSynchronization: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + currentOrganization: Organization! @stability(level: LongTerm) + + "Stability: Long-term" + announcement: Notification @stability(level: LongTerm) + + "Stability: Preview" + notificationsV2(typeFilter: [NotificationTypes!], + + "Choose the order in which the results are returned." + orderBy: OrderBy = ASC, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50): NotificationsResultSet! @stability(level: Preview) + + "Stability: Long-term" + token: PersonalUserToken @stability(level: LongTerm) + + "Stability: Long-term" + fieldConfigurations(viewName: String!): [FieldConfiguration!]! @stability(level: LongTerm) +} + +"An action that can be invoked from a trigger." +interface Action { + """ + The name of the action. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + The display name of the action. + Stability: Long-term + """ + displayName: String! @stability(level: LongTerm) + + """ + The id of the action. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + A template that can be used to recreate the action. + Stability: Long-term + """ + yamlTemplate: YAML! @stability(level: LongTerm) + + "Stability: Long-term" + packageId: VersionedPackageSpecifier @stability(level: LongTerm) + + """ + The package, if any, which the action is part of. + Stability: Long-term + """ + package: PackageInstallation @stability(level: LongTerm) + + """ + False if this type of action is disabled because of a security policy, true otherwise + Stability: Long-term + """ + isAllowedToRun: Boolean! @stability(level: LongTerm) + + """ + True if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. + Stability: Long-term + """ + requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! @stability(level: LongTerm) + + """ + Allowed asset actions + Stability: Short-term + """ + allowedActions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The resource identifier for this action. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + Metadata related to the creation of the action + Stability: Long-term + """ + createdInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Metadata related to the latest modification of the action + Stability: Long-term + """ + modifiedInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Labels to categorize the action. + Stability: Preview + """ + labels: [String!] @stability(level: Preview) +} + +"An action" +type ActionEntry { + "Stability: Long-term" + action: Action! @stability(level: LongTerm) + + "Stability: Preview" + view: SearchDomain! @stability(level: Preview) +} + +"Security policies for actions in the organization" +type ActionSecurityPolicies { + """ + Indicates if email actions can be configured and triggered + Stability: Short-term + """ + emailActionEnabled: Boolean! @stability(level: ShortTerm) + + """ + Allow list of glob patterns for acceptable email action recipients. Empty means no recipients allowed whereas null means all. + Stability: Short-term + """ + emailActionRecipientAllowList: [String!] @stability(level: ShortTerm) + + """ + Indicates if repository actions can be configured and triggered + Stability: Short-term + """ + repoActionEnabled: Boolean! @stability(level: ShortTerm) + + """ + Indicates if OpsGenie actions can be configured and triggered + Stability: Short-term + """ + opsGenieActionEnabled: Boolean! @stability(level: ShortTerm) + + """ + Indicates if PagerDuty actions can be configured and triggered + Stability: Short-term + """ + pagerDutyActionEnabled: Boolean! @stability(level: ShortTerm) + + """ + Indicates if single channel Slack actions can be configured and triggered + Stability: Short-term + """ + slackSingleChannelActionEnabled: Boolean! @stability(level: ShortTerm) + + """ + Indicates if multi channel Slack actions can be configured and triggered + Stability: Short-term + """ + slackMultiChannelActionEnabled: Boolean! @stability(level: ShortTerm) + + """ + Indicates if upload file actions can be configured and triggered + Stability: Short-term + """ + uploadFileActionEnabled: Boolean! @stability(level: ShortTerm) + + """ + Indicates if VictorOps actions can be configured and triggered + Stability: Short-term + """ + victorOpsActionEnabled: Boolean! @stability(level: ShortTerm) + + """ + Indicates if Webhook actions can be configured and triggered + Stability: Short-term + """ + webhookActionEnabled: Boolean! @stability(level: ShortTerm) + + """ + Allow list of glob patterns for acceptable webhook URLs. Empty means no recipients allowed whereas null means all. + Stability: Short-term + """ + webhookActionUrlAllowList: [String!] @stability(level: ShortTerm) + + """ + Indicates if S3 actions can be configured and triggered + Stability: Short-term + """ + s3ActionEnabled: Boolean! @stability(level: ShortTerm) +} + +"Data for updating action security policies" input ActionSecurityPoliciesInput { -""" -Data for updating action security policies -""" - emailActionEnabled: Boolean! -""" -Data for updating action security policies -""" - emailActionRecipientAllowList: [String!] -""" -Data for updating action security policies -""" - repoActionEnabled: Boolean! -""" -Data for updating action security policies -""" - opsGenieActionEnabled: Boolean! -""" -Data for updating action security policies -""" - pagerDutyActionEnabled: Boolean! -""" -Data for updating action security policies -""" - slackSingleChannelActionEnabled: Boolean! -""" -Data for updating action security policies -""" - slackMultiChannelActionEnabled: Boolean! -""" -Data for updating action security policies -""" - uploadFileActionEnabled: Boolean! -""" -Data for updating action security policies -""" - victorOpsActionEnabled: Boolean! -""" -Data for updating action security policies -""" - webhookActionEnabled: Boolean! -""" -Data for updating action security policies -""" - webhookActionUrlAllowList: [String!] + "Whether email actions should be enabled" + emailActionEnabled: Boolean! + + "Allow list of glob patterns restricting which recipient can be set on email actions. E.g. *@organization.com. Empty list means no recipients allowed whereas not setting it means all allowed." + emailActionRecipientAllowList: [String!] + + "Whether repository actions should be enabled" + repoActionEnabled: Boolean! + + "Whether OpsGenie actions should be enabled" + opsGenieActionEnabled: Boolean! + + "Whether PagerDuty actions should be enabled" + pagerDutyActionEnabled: Boolean! + + "Whether single channel Slack actions should be enabled" + slackSingleChannelActionEnabled: Boolean! + + "Whether multi channel Slack actions should be enabled" + slackMultiChannelActionEnabled: Boolean! + + "Whether upload file actions should be enabled" + uploadFileActionEnabled: Boolean! + + "Whether VictorOps actions should be enabled" + victorOpsActionEnabled: Boolean! + + "Whether webhook actions should be enabled" + webhookActionEnabled: Boolean! + + "Allow list of glob patterns restricting which URL can be set on webhook actions. E.g. *.organization.com. Empty means no recipients allowed whereas null means all." + webhookActionUrlAllowList: [String!] + + "Whether S3 actions should be enabled" + s3ActionEnabled: Boolean! +} + +type ActionTemplate { + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + displayName: String! @stability(level: LongTerm) + + "Stability: Long-term" + yamlTemplate: String! @stability(level: LongTerm) + + """ + The type of action + Stability: Long-term + """ + type: ActionType! @stability(level: LongTerm) +} + +"Action types associated with the template." +enum ActionType { + Email + LogScaleRepository + OpsGenie + PagerDuty + SlackMulti + SlackSingle + UploadFile + VictorOps + Webhook + S3 +} + +type ActiveSchemaOnView { + "Stability: Long-term" + viewName: RepoOrViewName! @stability(level: LongTerm) + + "Stability: Long-term" + schemaId: String! @stability(level: LongTerm) + + "Stability: Long-term" + is1to1Linked: Boolean! @stability(level: LongTerm) } input ActorInput { - actorType: ActorType! - actorId: String! + actorType: ActorType! + + "User or group ID depending on the actor type" + actorId: String! } -""" -The different types of actors that can be assigned permissions. -""" +"Actor types that can be assigned permissions." enum ActorType { - User - Group - Token + User + Group + Token } -""" -Data for adding a label to an alert -""" +"Data for adding labels to an action." +input AddActionLabels { + "Id of the action." + id: String! + + "Name of the view of the action." + viewName: RepoOrViewName! + + "Labels for the action. There can be at most 10 labels with a max length of 60 characters per label." + labels: [String!]! +} + +"Data for adding a label to an aggregate alert." +input AddAggregateAlertLabel { + "Name of the view of the aggregate alert." + viewName: RepoOrViewName! + + "Id of the aggregate alert." + id: String! + + "Label to add to the aggregate alert." + label: String! +} + +"Data for adding labels to an aggregate alert." +input AddAggregateAlertLabels { + "Name of the view of the aggregate alert." + viewName: RepoOrViewName! + + "Id of the aggregate alert." + id: String! + + "Labels for the aggregate alert. There can be at most 10 labels, with a max length of 60 characters per label." + labels: [String!]! +} + +"Data for adding a label to an alert" input AddAlertLabel { -""" -Data for adding a label to an alert -""" - viewName: String! -""" -Data for adding a label to an alert -""" - id: String! -""" -Data for adding a label to an alert -""" - label: String! + "Name of the view of the legacy alert." + viewName: String! + + "Id of the legacy alert." + id: String! + + "Label for the alert." + label: String! } -""" -Input object for field addFieldAliasMapping -""" +"Input object for field addFieldAliasMapping" input AddAliasMappingInput { -""" -Input object for field addFieldAliasMapping -""" - schemaId: String! -""" -Input object for field addFieldAliasMapping -""" - aliasMapping: AliasMappingInput! + "ID of the schema that the alias mapping exists on." + schemaId: String! + + "Alias mapping to be added to this schema." + aliasMapping: AliasMappingInput! } input AddCrossOrganizationViewConnectionFiltersInput { - name: String! - connections: [CrossOrganizationViewConnectionInputModel!]! + name: String! + connections: [CrossOrganizationViewConnectionInputModel!]! +} + +"Data for adding labels to a dashboard." +input AddDashboardLabels { + "Name of the view of the dashboard." + viewName: RepoOrViewName! + + "Id of the dashboard." + id: String! + + "Labels for the dashboard. There can be at most 10 labels with a max length of 60 characters per label." + labels: [String!]! +} + +"Input type for adding labels to a file." +input AddFileLabels { + "Name of the view for the file." + viewName: RepoOrViewName! + + "Name of the file." + fileName: String! + + "Labels for the file. There can be at most 10 labels with a max length of 60 characters per label." + labels: [String!]! +} + +"Data for adding a label to a filter alert." +input AddFilterAlertLabel { + "Name of the view of the filter alert." + viewName: RepoOrViewName! + + "Id of the filter alert." + id: String! + + "Label to add to the filter alert." + label: String! +} + +"Data for adding labels to a filter alert." +input AddFilterAlertLabels { + "Name of the view of the filter alert." + viewName: RepoOrViewName! + + "Id of the filter alert." + id: String! + + "Labels to add to the filter alert. There can be at most 10 labels, with a max length of 60 characters per label." + labels: [String!]! } type AddGroupMutation { -""" -Stability: Long-term -""" - group: Group! + "Stability: Long-term" + group: Group! @stability(level: LongTerm) } -""" -Input data to create an ingest token -""" +"Input data to create an ingest token" input AddIngestTokenV3Input { -""" -Input data to create an ingest token -""" - repositoryName: String! -""" -Input data to create an ingest token -""" - name: String! -""" -Input data to create an ingest token -""" - parser: String -""" -Input data to create an ingest token -""" - customToken: String + "Name of the repository." + repositoryName: String! + + "Name of the new ingest token." + name: String! + + "Optional id or name of the parser to assign to the ingest token. Parsers in packages can be referred to as \"packagescope/packagename:parsername\"." + parser: String + + "Optional custom token string. This requires special permissions and root privileges." + customToken: String } -""" -Data for adding a label to a scheduled search -""" +"Data for adding a label to a scheduled search" input AddLabelScheduledSearch { -""" -Data for adding a label to a scheduled search -""" - viewName: String! -""" -Data for adding a label to a scheduled search -""" - id: String! -""" -Data for adding a label to a scheduled search -""" - label: String! + "Name of the view of the scheduled search." + viewName: String! + + "Id of the scheduled search." + id: String! + + "Label for the scheduled search." + label: String! +} + +"Data for adding labels to a legacy alert" +input AddLegacyAlertLabels { + "Name of the view of the legacy alert." + viewName: RepoOrViewName! + + "Id of the legacy alert." + id: String! + + "Labels for the legacy alert. There can be at most 10 labels, with a max length of 60 characters per label." + labels: [String!]! } input AddLimitInput { - limitName: String! - allowLogin: Boolean! - dailyIngest: Long! - retention: Int! - allowSelfService: Boolean! - expiration: Long - contractVersion: Organizations__ContractVersion - userLimit: Int + limitName: String! + allowLogin: Boolean! + dailyIngest: Long! + retention: Int! + allowSelfService: Boolean! + expiration: Long + contractVersion: Organizations__ContractVersion + userLimit: Int } input AddLimitV2Input { - limitName: String! - allowLogin: Boolean! - dailyIngest: Long - dailyIngestContractualType: Organizations__ContractualType! - storageContractualType: Organizations__ContractualType! - dailyScanContractualType: Organizations__ContractualType! - measurementType: Organizations__MeasurementType! - dailyScan: Long - retention: Int! - maxRetention: Int! - allowSelfService: Boolean! - expiration: Long - userLimit: Int - dateType: String! - trial: Boolean! - allowFlightControl: Boolean! - repositoryLimit: Int + limitName: String! + allowLogin: Boolean! + dailyIngest: Long + dailyIngestContractualType: Organizations__ContractualType! + storageContractualType: Organizations__ContractualType! + dailyScanContractualType: Organizations__ContractualType! + measurementType: Organizations__MeasurementType! + dailyScan: Long + retention: Int! + maxRetention: Int! + allowSelfService: Boolean! + expiration: Long + userLimit: Int + dateType: String! + trial: Boolean! + allowFlightControl: Boolean! + repositoryLimit: Int } type AddRecentQuery { -""" -Stability: Long-term -""" - recentQueries: [RecentQuery!]! + "Stability: Long-term" + recentQueries: [RecentQuery!]! @stability(level: LongTerm) } input AddRecentQueryInput { - viewName: String! - queryArguments: [InputDictionaryEntry!]! - queryString: String! - start: String! - end: String! - isLive: Boolean! - widgetType: String - options: JSON + viewName: String! + queryArguments: [InputDictionaryEntry!]! + queryString: String! + start: String! + end: String! + isLive: Boolean! + widgetType: String + options: JSON } input AddRoleInput { - displayName: String! - viewPermissions: [Permission!]! - color: String - systemPermissions: [SystemPermission!] - organizationPermissions: [OrganizationPermission!] - objectAction: ObjectAction - organizationManagementPermissions: [OrganizationManagementPermission!] + displayName: String! + viewPermissions: [Permission!]! + color: String + systemPermissions: [SystemPermission!] + organizationPermissions: [OrganizationPermission!] + objectAction: ObjectAction + organizationManagementPermissions: [OrganizationManagementPermission!] } type AddRoleMutation { -""" -Stability: Long-term -""" - role: Role! + "Stability: Long-term" + role: Role! @stability(level: LongTerm) } -""" -Data for adding a star to a scheduled search -""" -input AddStarScheduledSearch { -""" -Data for adding a star to a scheduled search -""" - viewName: String! -""" -Data for adding a star to a scheduled search -""" - id: String! +"Data for adding labels to a saved query." +input AddSavedQueryLabels { + "Name of the view of the saved query." + viewName: RepoOrViewName! + + "Id of the saved query." + id: String! + + "Labels for the saved query. There can be at most 10 labels, with a max length of 60 characters per label." + labels: [String!]! } -""" -Data for adding a star to an alert -""" -input AddStarToAlert { -""" -Data for adding a star to an alert -""" - viewName: String! -""" -Data for adding a star to an alert -""" - id: String! +"Data for adding labels to a scheduled search" +input AddScheduledSearchLabels { + "Name of the view of the scheduled search." + viewName: RepoOrViewName! + + "Id of the scheduled search." + id: String! + + "Labels for the scheduled search. There can be at most 10 labels, with a max length of 60 characters per label." + labels: [String!]! } input AddStarToFieldInput { - fieldName: String! - searchDomainName: String! + fieldName: String! + searchDomainName: String! } type AddStarToFieldMutation { -""" -Stability: Long-term -""" - starredFields: [String!]! + "Stability: Long-term" + starredFields: [String!]! @stability(level: LongTerm) } input AddStarToQueryInput { - savedQueryId: String! - searchDomainName: String! + savedQueryId: String! + searchDomainName: String! } input AddSubdomainInput { - subdomain: String! + subdomain: String! } -""" -Data for adding to the blocklist -""" +"Data for adding to the blocklist" input AddToBlocklistByIdInput { -""" -Data for adding to the blocklist -""" - pattern: String! -""" -Data for adding to the blocklist -""" - type: BlockedQueryMatcherType! -""" -Data for adding to the blocklist -""" - viewId: String -""" -Data for adding to the blocklist -""" - clusterWide: Boolean + "The pattern to match" + pattern: String! + + "Whether the pattern should be matched exactly or interpreted as a regex pattern" + type: BlockedQueryMatcherType! + + "Limits the scope of the pattern to a specific view preventing matching queries from execution in that context only." + viewId: String + + "Whether to apply the pattern globally. Requires the ManageCluster permission." + clusterWide: Boolean = false } -""" -Data for adding to the blocklist -""" +"Data for adding to the blocklist" input AddToBlocklistInput { -""" -Data for adding to the blocklist -""" - pattern: String! -""" -Data for adding to the blocklist -""" - type: BlockedQueryMatcherType! -""" -Data for adding to the blocklist -""" - viewName: String -""" -Data for adding to the blocklist -""" - clusterWide: Boolean + "The pattern to match" + pattern: String! + + "Whether the pattern should be matched exactly or interpreted as a regex pattern" + type: BlockedQueryMatcherType! + + "Limits the scope of the pattern to a specific view preventing matching queries from execution in that context only." + viewName: String + + "Whether to apply the pattern globally. Requires the ManageCluster permission." + clusterWide: Boolean = false } input AddUserInput { - username: String! - company: String - isRoot: Boolean - firstName: String - lastName: String - fullName: String - picture: String - email: String - countryCode: String - stateCode: String + username: String! + company: String + isRoot: Boolean + firstName: String + lastName: String + fullName: String + picture: String + email: String + countryCode: String + stateCode: String } input AddUserInputV2 { - username: String! - company: String - isRoot: Boolean - firstName: String - lastName: String - fullName: String - picture: String - email: String - countryCode: String - stateCode: String - sendInvite: Boolean - verificationToken: String - isOrgOwner: Boolean + username: String! + company: String + isRoot: Boolean + firstName: String + lastName: String + fullName: String + picture: String + email: String + countryCode: String + stateCode: String + sendInvite: Boolean + verificationToken: String + isOrgOwner: Boolean } input AddUsersToGroupInput { - users: [String!]! - groupId: String! + users: [String!]! + groupId: String! } type AddUsersToGroupMutation { -""" -Stability: Long-term -""" - group: Group! + "Stability: Long-term" + group: Group! @stability(level: LongTerm) } -input AliasInfoInput { - source: String! - alias: String! +"An aggregate alert." +type AggregateAlert { + """ + Id of the aggregate alert. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + Name of the aggregate alert. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + Description of the aggregate alert. + Stability: Long-term + """ + description: String @stability(level: LongTerm) + + """ + LogScale query to execute. + Stability: Long-term + """ + queryString: String! @stability(level: LongTerm) + + """ + List of actions to fire on query result. + Stability: Long-term + """ + actions: [Action!]! @stability(level: LongTerm) + + """ + Labels attached to the aggregate alert. + Stability: Long-term + """ + labels: [String!]! @stability(level: LongTerm) + + """ + Flag indicating whether the aggregate alert is enabled. + Stability: Long-term + """ + enabled: Boolean! @stability(level: LongTerm) + + """ + Throttle time in seconds. + Stability: Long-term + """ + throttleTimeSeconds: Long! @stability(level: LongTerm) + + """ + A field to throttle on. Can only be set if throttleTimeSeconds is set. + Stability: Long-term + """ + throttleField: String @stability(level: LongTerm) + + """ + Search interval in seconds. + Stability: Long-term + """ + searchIntervalSeconds: Long! @stability(level: LongTerm) + + """ + Timestamp type to use for a query. + Stability: Long-term + """ + queryTimestampType: QueryTimestampType! @stability(level: LongTerm) + + """ + Trigger mode used for triggering the alert. + Stability: Long-term + """ + triggerMode: TriggerMode! @stability(level: LongTerm) + + """ + Unix timestamp for last execution of trigger. + Stability: Long-term + """ + lastTriggered: Long @stability(level: LongTerm) + + """ + Unix timestamp for last successful poll (including action invocation if applicable) of the aggregate alert query. If this is not quite recent, then the alert might be having problems. + Stability: Long-term + """ + lastSuccessfulPoll: Long @stability(level: LongTerm) + + """ + Last error encountered while running the aggregate alert. + Stability: Long-term + """ + lastError: String @stability(level: LongTerm) + + """ + Last warnings encountered while running the aggregate alert. + Stability: Long-term + """ + lastWarnings: [String!]! @stability(level: LongTerm) + + """ + YAML specification of the aggregate alert. + Stability: Long-term + """ + yamlTemplate: YAML! @stability(level: LongTerm) + + """ + The id of the package of the aggregate alert template. + Stability: Long-term + """ + packageId: VersionedPackageSpecifier @stability(level: LongTerm) + + """ + User or token used to modify the asset. + Stability: Preview + """ + modifiedInfo: ModifiedInfo! @stability(level: Preview) + + """ + The package that the aggregate alert was installed as part of. + Stability: Long-term + """ + package: PackageInstallation @stability(level: LongTerm) + + """ + Ownership of the query run by this alert + Stability: Long-term + """ + queryOwnership: QueryOwnership! @stability(level: LongTerm) + + """ + Allowed asset actions + Stability: Short-term + """ + allowedActions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The resource identifier for this aggregate alert. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + Metadata related to the creation of the aggregate alert + Stability: Long-term + """ + createdInfo: AssetCommitMetadata @stability(level: LongTerm) } -""" -Input object for creating a new alias mapping. -""" -input AliasMappingInput { -""" -Input object for creating a new alias mapping. -""" - name: String! -""" -Input object for creating a new alias mapping. -""" - tags: [TagsInput!]! -""" -Input object for creating a new alias mapping. -""" - aliases: [AliasInfoInput!]! -""" -Input object for creating a new alias mapping. -""" - originalFieldsToKeep: [String!] -} +type AggregateAlertTemplate { + "Stability: Long-term" + name: String! @stability(level: LongTerm) -input AnalyticsBrowser { - info: AnalyticsBrowserInfo! - isChrome: Boolean! - isChromeHeadless: Boolean! - isEdge: Boolean! - isFirefox: Boolean! - isIE: Boolean! - isSafari: Boolean! -} + "Stability: Long-term" + displayName: String! @stability(level: LongTerm) -input AnalyticsBrowserInfo { - name: String - version: String - major: String -} + "Stability: Long-term" + yamlTemplate: YAML! @stability(level: LongTerm) -input AnalyticsDevice { - info: AnalyticsDeviceInfo! - isConsole: Boolean! - isDesktop: Boolean! - isMobile: Boolean! - isTablet: Boolean! + "Stability: Long-term" + labels: [String!]! @stability(level: LongTerm) } -input AnalyticsDeviceInfo { - model: String - type: String - vendor: String +"An alert." +type Alert { + """ + Id of the legacy alert. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + Name of the alert. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + Id of user which the alert is running as. + Stability: Long-term + """ + runAsUser: User @stability(level: LongTerm) + + """ + Name of the alert. + Stability: Long-term + """ + displayName: String! @stability(level: LongTerm) + + """ + Name of the alert. + Stability: Long-term + """ + description: String @stability(level: LongTerm) + + """ + LogScale query to execute. + Stability: Long-term + """ + queryString: String! @stability(level: LongTerm) + + """ + Start of the relative time interval for the query. + Stability: Long-term + """ + queryStart: String! @stability(level: LongTerm) + + """ + Throttle time in milliseconds. + Stability: Long-term + """ + throttleTimeMillis: Long! @stability(level: LongTerm) + + """ + Field to throttle on. + Stability: Long-term + """ + throttleField: String @stability(level: LongTerm) + + """ + Unix timestamp for when the alert was last triggered. + Stability: Long-term + """ + timeOfLastTrigger: Long @stability(level: LongTerm) + + """ + Flag indicating whether the alert is enabled. + Stability: Long-term + """ + enabled: Boolean! @stability(level: LongTerm) + + """ + List of ids for actions to fire on query result. + Stability: Long-term + """ + actions: [String!]! @stability(level: LongTerm) + + """ + List of ids for actions to fire on query result. + Stability: Long-term + """ + actionsV2: [Action!]! @stability(level: LongTerm) + + """ + Last error encountered while running the alert. + Stability: Long-term + """ + lastError: String @stability(level: LongTerm) + + """ + Last warnings encountered while running the alert. + Stability: Long-term + """ + lastWarnings: [String!]! @stability(level: LongTerm) + + """ + Labels attached to the alert. + Stability: Long-term + """ + labels: [String!]! @stability(level: LongTerm) + + """ + A YAML formatted string that describes the alert. + Stability: Long-term + """ + yamlTemplate: String! @stability(level: LongTerm) + + """ + The id of the package that the alert was installed as part of. + Stability: Long-term + """ + packageId: VersionedPackageSpecifier @stability(level: LongTerm) + + """ + The package that the alert was installed as part of. + Stability: Long-term + """ + package: PackageInstallation @stability(level: LongTerm) + + """ + Ownership of the query run by this alert + Stability: Long-term + """ + queryOwnership: QueryOwnership! @stability(level: LongTerm) + + """ + Allowed asset actions + Stability: Short-term + """ + allowedActions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The resource identifier for this alert. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + Metadata related to the creation of the alert + Stability: Long-term + """ + createdInfo: AssetCommitMetadata @stability(level: LongTerm) +} + +"All actions, labels and packages used in alerts." +type AlertFieldValues { + """ + List of names of actions attached to alerts. Sorted by action names lexicographically. + Stability: Preview + """ + actionNames: [String!]! @stability(level: Preview) + + """ + List of labels attached to alerts. Sorted by label names lexicographically. + Stability: Preview + """ + labels: [String!]! @stability(level: Preview) + + """ + List of packages for installed alerts as unversioned qualified package specifiers `scope/packageName`. Sorted lexicographically. + Stability: Preview + """ + unversionedPackageSpecifiers: [String!]! @stability(level: Preview) +} + +"Arguments for alert field values query." +input AlertFieldValuesInput { + "Name of view for the alerts." + viewName: RepoOrViewName! } -input AnalyticsEngine { - info: AnalyticsInfo! - isWebkit: Boolean! -} +type AlertTemplate { + "Stability: Long-term" + name: String! @stability(level: LongTerm) -input AnalyticsFeature { - name: String! - value: Boolean! -} + "Stability: Long-term" + displayName: String! @stability(level: LongTerm) -input AnalyticsInfo { - name: String! - version: String! + "Stability: Long-term" + yamlTemplate: String! @stability(level: LongTerm) + + "Stability: Long-term" + labels: [String!]! @stability(level: LongTerm) +} + +"Alert types known to the system." +enum AlertType { + LegacyAlert + FilterAlert + AggregateAlert +} + +type AliasInfo { + "Stability: Long-term" + source: String! @stability(level: LongTerm) + + "Stability: Long-term" + alias: String! @stability(level: LongTerm) +} + +input AliasInfoInput { + source: String! + alias: String! +} + +type AliasMapping { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + tags: [TagInfo!]! @stability(level: LongTerm) + + "Stability: Long-term" + aliases: [AliasInfo!]! @stability(level: LongTerm) + + "Stability: Long-term" + originalFieldsToKeep: [String!]! @stability(level: LongTerm) +} + +"Input object for creating a new alias mapping." +input AliasMappingInput { + name: String! + tags: [TagsInput!]! + aliases: [AliasInfoInput!]! + originalFieldsToKeep: [String!] +} + +input AnalyticsBrowser { + info: AnalyticsBrowserInfo! + isChrome: Boolean! + isChromeHeadless: Boolean! + isEdge: Boolean! + isFirefox: Boolean! + isIE: Boolean! + isSafari: Boolean! +} + +input AnalyticsBrowserInfo { + name: String + version: String + major: String +} + +input AnalyticsDevice { + info: AnalyticsDeviceInfo! + isConsole: Boolean! + isDesktop: Boolean! + isMobile: Boolean! + isTablet: Boolean! +} + +input AnalyticsDeviceInfo { + model: String + type: String + vendor: String +} + +input AnalyticsEngine { + info: AnalyticsInfo! + isWebkit: Boolean! +} + +input AnalyticsFeature { + name: String! + value: Boolean! +} + +input AnalyticsInfo { + name: String! + version: String! } input AnalyticsLog { - category: String! - action: String! - message: String + category: String! + action: String! + message: String } input AnalyticsLogWithTimestamp { - eventId: String! - timestamp: Long! - route: String! - action: String! - system: String! - arguments: [String!]! - feature: String - features: [AnalyticsFeature!]! - context: String! - metrics: AnalyticsMetrics! - userAgent: AnalyticsUserAgent! + eventId: String! + timestamp: Long! + route: String! + action: String! + system: String! + arguments: [String!]! + feature: String + features: [AnalyticsFeature!]! + context: String! + metrics: AnalyticsMetrics! + userAgent: AnalyticsUserAgent! } input AnalyticsMetrics { - fps: Int! + fps: Int! } input AnalyticsOS { - info: AnalyticsInfo! - isAndroid: Boolean! - isIOS: Boolean! - isLinux: Boolean! - isMacOS: Boolean! - isWindows: Boolean! + info: AnalyticsInfo! + isAndroid: Boolean! + isIOS: Boolean! + isLinux: Boolean! + isMacOS: Boolean! + isWindows: Boolean! } input AnalyticsUserAgent { - browser: AnalyticsBrowser! - device: AnalyticsDevice! - engine: AnalyticsEngine! - os: AnalyticsOS! + browser: AnalyticsBrowser! + device: AnalyticsDevice! + engine: AnalyticsEngine! + os: AnalyticsOS! } -""" -The type of archiving to reset. Defaults to RepoOnly -""" +"Arguments for analyzeQuery" +input AnalyzeQueryArguments { + queryString: String! + version: LanguageVersionInputType! + queryKind: QueryKindInputType + isLive: Boolean + + "Query arguments. When not supplied, query analysis will attempt to recover from unbound query parameter uses in the given query. Specifying query arguments for all query parameters used in the query is recommended for more precise analysis." + arguments: [QueryArgumentInputType!] + + "The view name in which the query should be analyzed. This gives query validation access to the saved query definitions available on that view. Specifying a view is recommended for more precise analysis." + viewName: RepoOrViewName + + "Determines whether query analysis is performed in strict mode or not. Defaults to true. When in strict mode, missing query arguments are reported as validation errors, and saved query uses are validated. When in non-strict mode, missing query arguments and all saved query uses are not reported as validation errors." + strict: Boolean + + "A list of function names which are disallowed when validated the query" + rejectFunctions: [String!] + + "Optional time range that the query is intended to be run over. When provided the interval will be validated syntactically and certain query functions can be further validated." + timeInterval: QueryTimeInterval +} + +"Result of analyzing a query." +type AnalyzeQueryInfo { + """ + Check if the given query contains any errors or warnings when used in a standard search context. + Stability: Short-term + """ + validateQuery: QueryValidationInfo! @stability(level: ShortTerm) + + """ + Suggested type of alert to use for the given query. + Returns null if no suitable alert type could be suggested. + The given query is not guaranteed to be valid for the suggested alert type. + + Stability: Short-term + """ + suggestedAlertType: SuggestedAlertTypeInfo @stability(level: ShortTerm) + + """ + The results from statically analyzing the query. + + Stability: Preview + """ + analysisResult: QueryAnalysisResult! @stability(level: Preview) +} + +"Archiving types to reset. The default is RepoOnly" enum ArchivalKind { -""" -Reset only the repo archiving -""" - RepoOnly -""" -Reset only the cluster wide archiving -""" - ClusterWideOnly -""" -Reset all the the archiving types -""" - All + "Reset only the repo archiving" + RepoOnly + + "Reset only the cluster wide archiving" + ClusterWideOnly + + "Reset all the archiving types" + All +} + +"Configuration for archiving, e.e. bucket name and/or region." +interface ArchivingConfiguration { + """ + Bucket name for storing archived data. Example: acme-bucket. + Stability: Short-term + """ + bucket: String! @stability(level: ShortTerm) + + """ + Do not archive logs older than this. + Stability: Short-term + """ + startFrom: DateTime @stability(level: ShortTerm) + + """ + Whether the archiving has been disabled. + Stability: Short-term + """ + disabled: Boolean @stability(level: ShortTerm) + + """ + Array of names of tag fields to use in that order in the output file names. + Stability: Short-term + """ + tagOrderInName: [String!]! @stability(level: ShortTerm) +} + +"The format to store archived segments." +enum ArchivingFormat { + RAW + NDJSON } input ArgumentInput { - key: String! - value: String! + key: String! + value: String! } -""" -A gap in th array. Null values represent missing bounds -""" +"A gap in th array. Null values represent missing bounds" type ArrayGap { -""" -Array gap starts at this index (inclusive) -Stability: Preview -""" - startsAtIndex: Int! -""" -Array gap ends at this index (exclusive) -Stability: Preview -""" - endsAtIndex: Int! + """ + Array gap starts at this index (inclusive) + Stability: Short-term + """ + startsAtIndex: Int! @stability(level: ShortTerm) + + """ + Array gap ends at this index (exclusive) + Stability: Short-term + """ + endsAtIndex: Int! @stability(level: ShortTerm) } -""" -Array gaps identified for a given prefix -""" +"Array gaps identified for a given prefix" type ArrayWithGap { -""" -Prefix that represents a field up until the point at which a gap was identified. For instance, the field `a[0].b[1]` would give the prefix `a[0].b` as the gap occurs when indexing `b` with `1`. For `a[1].b[0]` we would get the prefix `a`. -Stability: Preview -""" - lastValidPrefix: String! -""" -Gaps identified for array prefix -Stability: Preview -""" - gaps: [ArrayGap!]! + """ + Prefix that represents a field up until the point at which a gap was identified. For instance, the field `a[0].b[1]` would give the prefix `a[0].b` as the gap occurs when indexing `b` with `1`. For `a[1].b[0]` we would get the prefix `a`. + Stability: Short-term + """ + lastValidPrefix: String! @stability(level: ShortTerm) + + """ + Gaps identified for array prefix + Stability: Short-term + """ + gaps: [ArrayGap!]! @stability(level: ShortTerm) } -""" -Different ways in which an assertion may fail. -""" -union AssertionFailureOnField =FieldUnexpectedlyPresent | FieldHadUnexpectedValue | FieldHadConflictingAssertions | AssertionOnFieldWasOrphaned +"Different ways in which an assertion may fail." +union AssertionFailureOnField = FieldUnexpectedlyPresent | FieldHadUnexpectedValue | FieldHadConflictingAssertions | AssertionOnFieldWasOrphaned -""" -This occurs when an assertion was set to run on some output event that wasn't produced by the parser. That is, the assertion may be set to run on output event number 2, but the parser only produced one event. -""" +"This occurs when an assertion was set to run on some output event that wasn't produced by the parser. That is, the assertion may be set to run on output event number 2, but the parser only produced one event." type AssertionOnFieldWasOrphaned { -""" -Field being asserted on. -Stability: Long-term -""" - fieldName: String! + """ + Field being asserted on. + Stability: Long-term + """ + fieldName: String! @stability(level: LongTerm) +} + +"The allowed type of action for an asset." +enum AssetAction { + Read + Update + Delete + ReadMetadata +} + +"A role and the asset actions it allows" +type AssetActionsByRole { + "Stability: Short-term" + role: Role @stability(level: ShortTerm) + + """ + Asset actions allowed by the role + Stability: Short-term + """ + assetActions: [AssetAction!]! @stability(level: ShortTerm) +} + +"Common interface for user and group permission assignments" +interface AssetActionsBySource { + """ + List of roles assigned to the user or group and the asset actions they allow + Stability: Short-term + """ + assetActionsByRoles: [AssetActionsByRole!]! @stability(level: ShortTerm) + + """ + Asset permissions assigned directly to the user or group + Stability: Short-term + """ + directlyAssigned: DirectlyAssignedAssetPermissions! @stability(level: ShortTerm) +} + +"An author of an Asset commit" +interface AssetCommitAuthor { + """ + A common string representation of an author + Stability: Long-term + """ + displayString: String! @stability(level: LongTerm) +} + +"Metadata about a commit of an asset" +type AssetCommitMetadata { + """ + The time of the commit + Stability: Long-term + """ + timestamp: Long! @stability(level: LongTerm) + + """ + The author of the commit + Stability: Long-term + """ + author: AssetCommitAuthor! @stability(level: LongTerm) +} + +"Asset permissions." +enum AssetPermission { + UpdateAsset + DeleteAsset +} + +"An asset permission search result set" +type AssetPermissionSearchResultSet { + """ + The total number of matching results + Stability: Short-term + """ + totalResults: Int! @stability(level: ShortTerm) + + """ + The paginated result set + Stability: Short-term + """ + results: [SearchAssetPermissionsResultEntry!]! @stability(level: ShortTerm) +} + +"Asset types." +enum AssetPermissionsAssetType { + LegacyAlert + FilterAlert + AggregateAlert + ScheduledSearch + ScheduledReport + Action + Dashboard + File + SavedQuery +} + +enum AssetType { + Action + AggregateAlert + Alert + Dashboard + File + FilterAlert + Interaction + Parser + SavedQuery + ScheduledSearch } input AssignOrganizationManagementRoleToGroupInput { - groupId: String! - roleId: String! - organizationIds: [String!]! + groupId: String! + roleId: String! + organizationIds: [String!]! } type AssignOrganizationManagementRoleToGroupMutation { -""" -Stability: Long-term -""" - group: GroupOrganizationManagementRole! + "Stability: Long-term" + group: GroupOrganizationManagementRole! @stability(level: LongTerm) } input AssignOrganizationRoleToGroupInput { - groupId: String! - roleId: String! + groupId: String! + roleId: String! } type AssignOrganizationRoleToGroupMutation { -""" -Stability: Long-term -""" - group: GroupOrganizationRole! + "Stability: Long-term" + group: GroupOrganizationRole! @stability(level: LongTerm) } -""" -Input data to assign a parser to an ingest token -""" +"Input data to assign a parser to an ingest token" input AssignParserToIngestTokenInputV2 { -""" -Input data to assign a parser to an ingest token -""" - repositoryName: String! -""" -Input data to assign a parser to an ingest token -""" - tokenName: String! -""" -Input data to assign a parser to an ingest token -""" - parser: String! + "Name of the repository." + repositoryName: String! + + "Name of the ingest token." + tokenName: String! + + "Id or name of the parser to assign to the ingest token. Parsers in packages can be referred to as \"packagescope/packagename:parsername\"." + parser: String! } input AssignRoleToGroupInput { - viewId: String! - groupId: String! - roleId: String! - overrideExistingAssignmentsForView: Boolean + viewId: String! + groupId: String! + roleId: String! + overrideExistingAssignmentsForView: Boolean } type AssignRoleToGroupMutation { -""" -Stability: Long-term -""" - group: SearchDomainRole! + "Stability: Long-term" + group: SearchDomainRole! @stability(level: LongTerm) } input AssignSystemRoleToGroupInput { - groupId: String! - roleId: String! + groupId: String! + roleId: String! } type AssignSystemRoleToGroupMutation { -""" -Stability: Long-term -""" - group: GroupSystemRole! + "Stability: Long-term" + group: GroupSystemRole! @stability(level: LongTerm) } input AssignUserRolesInSearchDomainInput { - searchDomainId: String! - roleAssignments: [UserRoleAssignmentInput!]! + searchDomainId: String! + roleAssignments: [UserRoleAssignmentInput!]! } -""" -Authentication through Auth0. -""" -type Auth0Authentication implements AuthenticationMethod{ -""" -Stability: Long-term -""" - auth0Domain: String! -""" -Stability: Long-term -""" - clientId: String! -""" -Stability: Long-term -""" - allowSignup: Boolean! -""" -Stability: Long-term -""" - redirectUrl: String! -""" -The display name of the authentication method. -Stability: Long-term -""" - name: String! +"Authentication through Auth0." +type Auth0Authentication implements AuthenticationMethod { + "Stability: Long-term" + auth0Domain: String! @stability(level: LongTerm) + + "Stability: Long-term" + clientId: String! @stability(level: LongTerm) + + "Stability: Long-term" + allowSignup: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + redirectUrl: String! @stability(level: LongTerm) + + """ + The display name of the authentication method. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) } -""" -Payload for specifying targets for batch updating query ownership -""" +"Represents information about how users authenticate with LogScale." +interface AuthenticationMethod { + """ + The display name of the authentication method. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) +} + +interface AuthenticationMethodAuth { + "Stability: Long-term" + authType: String! @stability(level: LongTerm) +} + +"AWS Secrets Manager secret pointer" +type AwsSecretsManagerSecret { + """ + The Amazon Resource Name (ARN) of the AWS Secrets Manager secret. + Stability: Preview + """ + arn: String! @stability(level: Preview) +} + +"Archiving configuration for Azure, i.e. bucket and format." +type AzureArchivingConfigurationDTO implements ArchivingConfiguration { + """ + Bucket name for storing archived data. Example: acme-bucket. + Stability: Short-term + """ + bucket: String! @stability(level: ShortTerm) + + """ + Do not archive logs older than this. + Stability: Short-term + """ + startFrom: DateTime @stability(level: ShortTerm) + + """ + Whether the archiving has been disabled. + Stability: Short-term + """ + disabled: Boolean @stability(level: ShortTerm) + + """ + The format to store the archived data in Azure, i.e. NDJSON. + Stability: Short-term + """ + format: ArchivingFormat @stability(level: ShortTerm) + + """ + Array of names of tag fields to use in that order in the output file names. + Stability: Short-term + """ + tagOrderInName: [String!]! @stability(level: ShortTerm) +} + +"The type of Azure authentication config." +enum AzureAuthenticationConfigType { + "Stability: Long-term" + ClientSecretFromUser @stability(level: LongTerm) + + "Stability: Long-term" + ClientSecretFromEnvironmentVariables @stability(level: LongTerm) + + "Stability: Long-term" + NotConfigured @stability(level: LongTerm) +} + +"Shows the current configuration for ingest feeds that uses Azure Event Hubs." +type AzureEventHubConfiguration { + """ + Is true if auth configuration is setup for ingest feeds that use Azure Event Hubs. + Stability: Long-term + """ + isAuthConfigured: Boolean! @stability(level: LongTerm) + + """ + The type of azure authentication config. + Stability: Long-term + """ + AuthConfiguration: AzureAuthenticationConfigType! @stability(level: LongTerm) +} + +"Azure Event Hubs configuration" +type AzureEventHubs { + """ + Fully qualified namespace of the Event Hub. Often structured like this: .servicebus.windows.net + Stability: Preview + """ + eventHubFullyQualifiedNamespace: String! @stability(level: Preview) + + """ + Name of the Event Hub. + Stability: Short-term + """ + eventHubName: String! @stability(level: ShortTerm) + + """ + Consumer group for the Event Hub + Stability: Preview + """ + consumerGroup: String! @stability(level: Preview) + + """ + The preprocessing to apply to an ingest feed before parsing. + Stability: Preview + """ + preprocessing: AzureEventHubsPreprocessing! @stability(level: Preview) + + """ + Specifies the starting point for reading events from the Event Hub when no previous checkpoint exists. + Stability: Preview + """ + defaultCheckpoint: AzureEventHubsCheckPoint! @stability(level: Preview) + + """ + Configuration for how the Event Hub checkpoints should be handled. + Stability: Preview + """ + checkpointHandling: AzureEventHubsCheckpointHandling! @stability(level: Preview) + + """ + Authentication method for Azure event hub. + Stability: Preview + """ + authentication: AzureEventHubsAuthentication! @stability(level: Preview) +} + +"Authentication method for Azure event hub." +union AzureEventHubsAuthentication = AzureEventHubsAuthenticationLogScaleConfig | AzureEventHubsAuthenticationClientSecretCredentials + +"Authentication method using a service principal with a secret. The secret is stored in a secrets manager." +type AzureEventHubsAuthenticationClientSecretCredentials { + """ + Id of the secret handle used to retrieve the secret. + Stability: Preview + """ + secretHandleId: String! @stability(level: Preview) + + """ + Client id of the specific app used for authentication. + Stability: Preview + """ + clientId: String! @stability(level: Preview) + + """ + Tenant id of the tenant the specific app, used for authentication, belongs to. + Stability: Preview + """ + tenantId: String! @stability(level: Preview) + + """ + The id of the created secret. This is useful for verifying which secret is used for authentication. + Stability: Preview + """ + secretId: String! @stability(level: Preview) +} + +"Input for specifying the authentication. The kind field is used to select which optional input to use." +input AzureEventHubsAuthenticationInput { + "Kind of authentication to use." + kind: AzureEventHubsAuthenticationKind! + + "Authentication method using a service principal with a secret. The secret is stored in a secrets manager." + clientSecretCredentials: AzureEventHubsAuthenticationclientSecretCredentialsInput +} + +"Kind of authentication to use." +enum AzureEventHubsAuthenticationKind { + """ + Authentication method using a service principal with a secret. The secret is stored in a secrets manager. + Stability: Preview + """ + ClientSecretCredentials @stability(level: Preview) + + """ + LogScale configuration authentication. + Stability: Preview + """ + LogScaleConfig @stability(level: Preview) +} + +"LogScale configuration authentication." +type AzureEventHubsAuthenticationLogScaleConfig { + """ + Field that allows for representing an empty object, this field does not represent anything + Stability: Preview + """ + noOp: Boolean! @stability(level: Preview) +} + +"Input for specifying the authentication. The kind field is used to select which optional input to use." +input AzureEventHubsAuthenticationUpdate { + "Kind of authentication to use." + kind: AzureEventHubsAuthenticationKind! + + "Authentication method using a service principal with a secret. The secret is stored in a secrets manager." + clientSecretCredentials: AzureEventHubsAuthenticationclientSecretCredentialsUpdate +} + +input AzureEventHubsAuthenticationclientSecretCredentialsInput { + "Client id of the specific app used for authentication." + clientId: String! + + "The created secret, which is stored in the secret manager." + clientSecret: String! + + "Tenant id of the tenant the specific app, used for authentication, belongs to." + tenantId: String! + + "The id of the created secret. This is useful for verifying which secret is used for authentication." + secretId: String! +} + +input AzureEventHubsAuthenticationclientSecretCredentialsUpdate { + "Client id of the specific app used for authentication." + clientId: String + + "The created secret, which is stored in the secret manager." + clientSecret: String + + "Tenant id of the tenant the specific app, used for authentication, belongs to." + tenantId: String + + "The id of the created secret. This is useful for verifying which secret is used for authentication." + secretId: String +} + +"Specifies a point in the the Event Hub." +union AzureEventHubsCheckPoint = AzureEventHubsCheckpointEarliest | AzureEventHubsCheckpointLatest | AzureEventHubsCheckpointPoint + +"Oldest available event in the Event Hub, ensuring no historical data is missed but potentially processing a large backlog." +type AzureEventHubsCheckpointEarliest { + """ + Field that allows for representing an empty object, this field does not represent anything + Stability: Preview + """ + noOp: Boolean! @stability(level: Preview) +} + +"Configuration for how the Event Hub checkpoints should be handled." +union AzureEventHubsCheckpointHandling = AzureEventHubsCheckpointHandlingBlobStorage + +"Configuration for using blob storage for storing the checkpoint for the Event Hub." +type AzureEventHubsCheckpointHandlingBlobStorage { + """ + Endpoint for blob storage, used for Event Hub checkpoints. + Stability: Preview + """ + blobStorageEndpoint: String! @stability(level: Preview) + + """ + Name of the blob storage container, used for Event Hub checkpoints. + Stability: Preview + """ + containerName: String! @stability(level: Preview) +} + +input AzureEventHubsCheckpointHandlingBlobStorageInput { + "Endpoint for blob storage, used for Event Hub checkpoints." + blobStorageEndpoint: String! + + "Name of the blob storage container, used for Event Hub checkpoints." + containerName: String! +} + +"Input for specifying checkpoint handling. The kind field is used to select which optional input to use." +input AzureEventHubsCheckpointHandlingInput { + "Kind of checkpoint handling to use." + kind: AzureEventHubsCheckpointHandlingKind! + + "Configuration for using blob storage for storing the checkpoint for the Event Hub." + blobStorage: AzureEventHubsCheckpointHandlingBlobStorageInput +} + +"Kind of checkpoint handling to use." +enum AzureEventHubsCheckpointHandlingKind { + """ + Configuration for using blob storage for storing the checkpoint for the Event Hub. + Stability: Preview + """ + BlobStorage @stability(level: Preview) +} + +"Input for specifying a checkpoint. The kind field is used to select which optional input to use." +input AzureEventHubsCheckpointInput { + "Kind of checkpoint to use." + kind: AzureEventHubsCheckpointKind! + + "Specific event in the Event Hub, identified by its sequence number." + point: AzureEventHubsCheckpointPointInput +} + +"Kind of checkpoint to use." +enum AzureEventHubsCheckpointKind { + """ + Oldest available event in the Event Hub, ensuring no historical data is missed but potentially processing a large backlog. + Stability: Preview + """ + Earliest @stability(level: Preview) + + """ + The most recent event in the Event Hub. + Stability: Preview + """ + Latest @stability(level: Preview) + + """ + Specific event in the Event Hub, identified by its sequence number. + Stability: Preview + """ + Point @stability(level: Preview) +} + +"The most recent event in the Event Hub." +type AzureEventHubsCheckpointLatest { + """ + Field that allows for representing an empty object, this field does not represent anything + Stability: Preview + """ + noOp: Boolean! @stability(level: Preview) +} + +"Specific event in the Event Hub, identified by its sequence number." +type AzureEventHubsCheckpointPoint { + """ + A unique identifier for each event in the Event Hub, used to pinpoint exact positions in the event stream. + Stability: Preview + """ + sequenceNumber: Long! @stability(level: Preview) +} + +input AzureEventHubsCheckpointPointInput { + "A unique identifier for each event in the Event Hub, used to pinpoint exact positions in the event stream." + sequenceNumber: Long! +} + +"The preprocessing to apply to an ingest feed before parsing." +union AzureEventHubsPreprocessing = AzureEventHubsPreprocessingSplitNewLine | AzureEventHubsPreprocessingSplitAzureRecords | AzureEventHubsPreprocessingReadWhole + +"Input for specifying the preprocessing. The kind field is used to select which optional input to use." +input AzureEventHubsPreprocessingInput { + "Kind of preprocessing to use." + kind: AzureEventHubsPreprocessingKind! +} + +"Kind of preprocessing to to use." +enum AzureEventHubsPreprocessingKind { + """ + Interprets the event hub event as newline-delimited and emit each line as an event. + Stability: Preview + """ + SplitNewLine @stability(level: Preview) + + """ + Interprets the event hub event Azure JSON record format and emit each record as an event. + Stability: Preview + """ + SplitAzureRecords @stability(level: Preview) + + """ + Interprets the event hub event as one LogScale event. + Stability: Preview + """ + ReadWhole @stability(level: Preview) +} + +"Interprets the event hub event as one LogScale event." +type AzureEventHubsPreprocessingReadWhole { + """ + Field that allows for representing an empty object, this field does not represent anything + Stability: Preview + """ + noOp: Boolean! @stability(level: Preview) +} + +"Interprets the event hub event Azure JSON record format and emit each record as an event." +type AzureEventHubsPreprocessingSplitAzureRecords { + """ + Field that allows for representing an empty object, this field does not represent anything + Stability: Preview + """ + noOp: Boolean! @stability(level: Preview) +} + +"Interprets the event hub event as newline-delimited and emit each line as an event." +type AzureEventHubsPreprocessingSplitNewLine { + """ + Field that allows for representing an empty object, this field does not represent anything + Stability: Preview + """ + noOp: Boolean! @stability(level: Preview) +} + +"Payload for specifying targets for batch updating query ownership" input BatchUpdateQueryOwnershipInput { -""" -Payload for specifying targets for batch updating query ownership -""" - targetType: QueryOwnership_SelectionTargetType! -""" -Payload for specifying targets for batch updating query ownership -""" - ids: [String!]! + "The type to update." + targetType: QueryOwnership_SelectionTargetType! + + "The set of ids to update." + ids: [String!]! } +"The `BigDecimal` scalar type represents signed fractional values with arbitrary precision." +scalar BigDecimal + +"The `BigInt` scalar type represents non-fractional signed whole numeric values. BigInt can represent arbitrary big values." +scalar BigInt + type BlockIngestMutation { -""" -Stability: Short-term -""" - repository: Repository! + "Stability: Short-term" + repository: Repository! @stability(level: ShortTerm) } input BlockIngestOnOrgInput { - blockIngest: Boolean! + blockIngest: Boolean! +} + +"A regex pattern used to filter queries before they are executed." +type BlockedQuery { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + expiresAt: DateTime @stability(level: LongTerm) + + "Stability: Long-term" + expiresInMilliseconds: Int @stability(level: LongTerm) + + "Stability: Long-term" + pattern: String! @stability(level: LongTerm) + + "Stability: Long-term" + type: BlockedQueryMatcherType! @stability(level: LongTerm) + + "Stability: Long-term" + view: View @stability(level: LongTerm) + + """ + The organization owning the pattern or view, if any. + Stability: Long-term + """ + organization: Organization @stability(level: LongTerm) + + "Stability: Long-term" + limitedToOrganization: Boolean! @stability(level: LongTerm) + + """ + True if the current actor is allowed the remove this pattern + Stability: Long-term + """ + unblockAllowed: Boolean! @stability(level: LongTerm) +} + +enum BlockedQueryMatcherType { + EXACT + REGEX } type BooleanResultType { -""" -Stability: Long-term -""" - result: Boolean! + "Stability: Long-term" + result: Boolean! @stability(level: LongTerm) } -""" -By proxy authentication. Authentication is provided by proxy. -""" -type ByProxyAuthentication implements AuthenticationMethod{ -""" -Stability: Long-term -""" - name: String! +"Bucket storage configuration for the organization" +type BucketStorageConfig { + """ + The primary bucket storage of the organization + Stability: Long-term + """ + targetBucketId1: String! @stability(level: LongTerm) + + """ + The secondary bucket storage of the organization + Stability: Long-term + """ + targetBucketId2: String @stability(level: LongTerm) +} + +"By proxy authentication. Authentication is provided by proxy." +type ByProxyAuthentication implements AuthenticationMethod { + "Stability: Long-term" + name: String! @stability(level: LongTerm) } """ @@ -726,11 +1992,17 @@ A cache policy can be set either on one of three levels (in order of precedence) - Globally When determining the cache policy for a repo we first check if there is a cache - policy set on the repo. If none is set on the repo, we check the the org. If none + policy set on the repo. If none is set on the repo, we check the org. If none is set there either we check the global setting. - """ -input CachePolicyInput { +type CachePolicy { + """ + Prioritize caching segments younger than this + Stability: Preview + """ + prioritizeMillis: Long @stability(level: Preview) +} + """ A policy for choosing which segments to cache on local disk when overcommiting local storage with bucket storage. @@ -748,24079 +2020,21883 @@ A cache policy can be set either on one of three levels (in order of precedence) - Globally When determining the cache policy for a repo we first check if there is a cache - policy set on the repo. If none is set on the repo, we check the the org. If none + policy set on the repo. If none is set on the repo, we check the org. If none is set there either we check the global setting. - """ - prioritizeMillis: Long +input CachePolicyInput { + "Prioritize caching segments younger than this" + prioritizeMillis: Long } -input CancelRedactEventsInput { - repositoryName: String! - redactionTaskId: String! +"Input for canceling the deletion of a secret handle." +input CancelDeleteSecretHandleInput { + "Name or id of the repository of the secret handle." + repositoryNameOrId: RepoOrViewName! + + "Id of the secret handle." + id: String! } -""" -Data for clearing the error on an aggregate alert. -""" -input ClearErrorOnAggregateAlertInput { -""" -Data for clearing the error on an aggregate alert. -""" - viewName: RepoOrViewName! -""" -Data for clearing the error on an aggregate alert. -""" - id: String! +input CancelRedactEventsInput { + repositoryName: String! + redactionTaskId: String! } -""" -Data for clearing the error on an alert -""" +enum Changes { + Added + NoChange + Removed +} + +"Data for checking a local cluster connection" +input CheckLocalClusterConnectionInput { + "Id of the connection to check" + connectionId: String + + "Name or id of the local view to connect with" + targetViewName: String! + + "Additional tags that can be used to filter queries" + tags: [ClusterConnectionInputTag!] + + "Filter query that restricts the data visible through this connection" + queryPrefix: String +} + +"Data for checking a remote cluster connection" +input CheckRemoteClusterConnectionInput { + "Id of the connection to check. Must be supplied if the token is not supplied" + connectionId: String + + "Name of the multi-cluster view to which the connection belongs. Must be supplied if the token is not supplied" + multiClusterViewName: String + + "Public URL of the remote cluster to connect with" + publicUrl: String! + + "Access token for the remote view to connect with. Can be omitted if checking an existing connection with no token change" + token: String + + "Additional tags that can be used to filter queries" + tags: [ClusterConnectionInputTag!] + + "Filter query that restricts the data visible through this connection" + queryPrefix: String +} + +"An organization search result set" +type ChildOrganizationsResultSet { + """ + The total number of matching results + Stability: Preview + """ + totalResults: Int! @stability(level: Preview) + + """ + The paginated result set + Stability: Preview + """ + results: [Organization!]! @stability(level: Preview) +} + +"Data for clearing the error on an aggregate alert." +input ClearErrorOnAggregateAlertInput { + "Name of the view of the aggregate alert." + viewName: RepoOrViewName! + + "Id of the aggregate alert." + id: String! +} + +"Data for clearing the error on an alert" input ClearErrorOnAlertInput { -""" -Data for clearing the error on an alert -""" - viewName: String! -""" -Data for clearing the error on an alert -""" - id: String! + "Name of the view of the legacy alert." + viewName: String! + + "Id of the legacy alert." + id: String! } -""" -Data for clearing the error on a filter alert -""" +"Data for clearing the error on a filter alert" input ClearErrorOnFilterAlertInput { -""" -Data for clearing the error on a filter alert -""" - viewName: RepoOrViewName! -""" -Data for clearing the error on a filter alert -""" - id: String! + "Name of the view of the filter alert." + viewName: RepoOrViewName! + + "Id of the filter alert." + id: String! } -""" -Data for clearing the error on a scheduled search -""" +"Data for clearing the error on a scheduled search" input ClearErrorOnScheduledSearchInput { -""" -Data for clearing the error on a scheduled search -""" - viewName: String! -""" -Data for clearing the error on a scheduled search -""" - id: String! + "Name of the view of the scheduled search." + viewName: String! + + "Id of the scheduled search." + id: String! } input ClearFieldConfigurationsInput { - viewOrRepositoryName: String! + viewOrRepositoryName: String! } input ClearRecentQueriesInput { - viewOrRepositoryName: String! + viewOrRepositoryName: String! } -""" -Data for clearing the search limit on a search domain. -""" +"Data for clearing the search limit on a search domain." input ClearSearchLimitForSearchDomain { -""" -Data for clearing the search limit on a search domain. -""" - id: String! + "Id of the view." + id: String! } -""" -Input data to clone an existing parser -""" -input CloneParserInput { -""" -Input data to clone an existing parser -""" - newParserName: String! -""" -Input data to clone an existing parser -""" - repositoryName: String! -""" -Input data to clone an existing parser -""" - parserIdToClone: String! -} +"Identifies a client of the query." +type Client { + "Stability: Long-term" + externalId: String! @stability(level: LongTerm) -""" -Whether a column has been added or removed at the given index -""" -input ColumnChange { -""" -Whether a column has been added or removed at the given index -""" - changeKind: ColumnChangeKind! -""" -Whether a column has been added or removed at the given index -""" - index: Int! + "Stability: Long-term" + ip: String @stability(level: LongTerm) + + "Stability: Long-term" + user: String @stability(level: LongTerm) } -enum ColumnChangeKind { - Remove - Add +"Input data to clone an existing parser" +input CloneParserInput { + "Name of the new parser" + newParserName: String! + + "Name of the repository" + repositoryName: String! + + "Id of the parser to clone" + parserIdToClone: String! } -input ConflictResolutionConfiguration { - entityType: AssetType! - entityName: String! - conflictResolution: MergeStrategy! +"Information about the LogScale cluster." +type Cluster { + "Stability: Long-term" + nodes: [ClusterNode!]! @stability(level: LongTerm) + + "Stability: Long-term" + clusterManagementSettings: ClusterManagementSettings! @stability(level: LongTerm) + + "Stability: Long-term" + clusterInfoAgeSeconds: Float! @stability(level: LongTerm) + + "Stability: Long-term" + underReplicatedSegmentSize: Float! @stability(level: LongTerm) + + "Stability: Long-term" + overReplicatedSegmentSize: Float! @stability(level: LongTerm) + + "Stability: Long-term" + missingSegmentSize: Float! @stability(level: LongTerm) + + "Stability: Long-term" + properlyReplicatedSegmentSize: Float! @stability(level: LongTerm) + + "Stability: Long-term" + inBucketStorageSegmentSize: Float! @stability(level: LongTerm) + + "Stability: Long-term" + pendingBucketStorageSegmentSize: Float! @stability(level: LongTerm) + + "Stability: Long-term" + pendingBucketStorageRiskySegmentSize: Float! @stability(level: LongTerm) + + "Stability: Long-term" + targetUnderReplicatedSegmentSize: Float! @stability(level: LongTerm) + + "Stability: Long-term" + targetOverReplicatedSegmentSize: Float! @stability(level: LongTerm) + + "Stability: Long-term" + targetMissingSegmentSize: Float! @stability(level: LongTerm) + + "Stability: Long-term" + targetProperlyReplicatedSegmentSize: Float! @stability(level: LongTerm) + + "Stability: Long-term" + ingestPartitions: [IngestPartition!]! @stability(level: LongTerm) + + "Stability: Short-term" + storageReplicationFactor: Int @stability(level: ShortTerm) + + "Stability: Short-term" + digestReplicationFactor: Int @stability(level: ShortTerm) + + "Stability: Short-term" + stats: ClusterStats! @stability(level: ShortTerm) + + """ + The default cache policy of this cluster. + Stability: Preview + """ + defaultCachePolicy: CachePolicy @stability(level: Preview) } -type CopyDashboardMutation { -""" -Stability: Long-term -""" - dashboard: Dashboard! +"A cluster connection." +interface ClusterConnection { + """ + Id of the connection + Stability: Short-term + """ + id: String! @stability(level: ShortTerm) + + """ + Cluster identity of the connection + Stability: Short-term + """ + clusterId: String! @stability(level: ShortTerm) + + """ + Cluster connection tags + Stability: Short-term + """ + tags: [ClusterConnectionTag!]! @stability(level: ShortTerm) + + """ + Cluster connection query prefix + Stability: Short-term + """ + queryPrefix: String! @stability(level: ShortTerm) } -type CreateActionFromPackageTemplateMutation { -""" -Stability: Long-term -""" - action: Action! +input ClusterConnectionInputTag { + key: String! + value: String! } -""" -Data for creating an action from a yaml template -""" -input CreateActionFromTemplateInput { -""" -Data for creating an action from a yaml template -""" - viewName: RepoOrViewName! -""" -Data for creating an action from a yaml template -""" - name: String! -""" -Data for creating an action from a yaml template -""" - yamlTemplate: YAML! +"The status of a cluster connection." +interface ClusterConnectionStatus { + """ + Id of the connection + Stability: Short-term + """ + id: String @stability(level: ShortTerm) + + """ + Whether the connection is valid + Stability: Short-term + """ + isValid: Boolean! @stability(level: ShortTerm) + + """ + Errors if the connection is invalid + Stability: Short-term + """ + errorMessages: [ConnectionAspectErrorType!]! @stability(level: ShortTerm) +} + +"Tag for identifiying the cluster connection" +type ClusterConnectionTag { + """ + Cluster Connection tag key + Stability: Short-term + """ + key: String! @stability(level: ShortTerm) + + """ + Value for the cluster connection tag + Stability: Short-term + """ + value: String! @stability(level: ShortTerm) } -""" -Data for creating an aggregate alert. -""" -input CreateAggregateAlert { -""" -Data for creating an aggregate alert. -""" - viewName: RepoOrViewName! -""" -Data for creating an aggregate alert. -""" - name: String! -""" -Data for creating an aggregate alert. -""" - description: String -""" -Data for creating an aggregate alert. -""" - queryString: String! -""" -Data for creating an aggregate alert. -""" - actionIdsOrNames: [String!]! -""" -Data for creating an aggregate alert. -""" - labels: [String!] -""" -Data for creating an aggregate alert. -""" - enabled: Boolean -""" -Data for creating an aggregate alert. -""" - throttleTimeSeconds: Long! -""" -Data for creating an aggregate alert. -""" - throttleField: String -""" -Data for creating an aggregate alert. -""" - searchIntervalSeconds: Long! -""" -Data for creating an aggregate alert. -""" - queryTimestampType: QueryTimestampType! -""" -Data for creating an aggregate alert. -""" - triggerMode: TriggerMode -""" -Data for creating an aggregate alert. -""" - runAsUserId: String -""" -Data for creating an aggregate alert. -""" - queryOwnershipType: QueryOwnershipType! +"Settings for the LogScale cluster." +type ClusterManagementSettings { + """ + Replication factor for segments + Stability: Long-term + """ + segmentReplicationFactor: Int! @stability(level: LongTerm) + + """ + Replication factor for the digesters + Stability: Long-term + """ + digestReplicationFactor: Int! @stability(level: LongTerm) + + """ + Percentage of all hosts relevant to a particular cluster rebalance operation that need to be alive before we allow the system to automatically execute the operation. Cluster rebalance operations currently include reassigning digest work, and moving existing segments to balance disk usage. Value is between 0 and 100, both inclusive + Stability: Long-term + """ + minHostAlivePercentageToEnableClusterRebalancing: Int! @stability(level: LongTerm) + + """ + Whether or not desired digesters are allowed to be updated automatically + Stability: Short-term + """ + allowUpdateDesiredDigesters: Boolean! @stability(level: ShortTerm) + + """ + true if the cluster should allow moving existing segments between nodes to achieve a better data distribution + Stability: Short-term + """ + allowRebalanceExistingSegments: Boolean! @stability(level: ShortTerm) +} + +"A node in the a LogScale Cluster." +type ClusterNode { + "Stability: Long-term" + id: Int! @stability(level: LongTerm) + + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + zone: String @stability(level: LongTerm) + + "Stability: Long-term" + uri: String! @stability(level: LongTerm) + + "Stability: Long-term" + uuid: String! @stability(level: LongTerm) + + "Stability: Long-term" + humioVersion: String! @stability(level: LongTerm) + + "Stability: Short-term" + supportedTasks: [NodeTaskEnum!]! @stability(level: ShortTerm) + + "Stability: Short-term" + assignedTasks: [NodeTaskEnum!] @stability(level: ShortTerm) + + "Stability: Short-term" + unassignedTasks: [NodeTaskEnum!] @stability(level: ShortTerm) + + "Stability: Short-term" + consideredAliveUntil: DateTime @stability(level: ShortTerm) + + "Stability: Long-term" + clusterInfoAgeSeconds: Float! @stability(level: LongTerm) + + """ + The size in GB of data this node needs to receive. + Stability: Long-term + """ + inboundSegmentSize: Float! @stability(level: LongTerm) + + """ + The size in GB of data this node has that others need. + Stability: Short-term + """ + outboundSegmentSize: Float! @stability(level: ShortTerm) + + "Stability: Long-term" + canBeSafelyUnregistered: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + reasonsNodeCannotBeSafelyUnregistered: ReasonsNodeCannotBeSafelyUnregistered! @stability(level: LongTerm) + + """ + The size in GB of data currently on this node. + Stability: Long-term + """ + currentSize: Float! @stability(level: LongTerm) + + """ + The size in GB of the data currently on this node that are in the primary storage location. + Stability: Long-term + """ + primarySize: Float! @stability(level: LongTerm) + + """ + The size in GB of the data currently on this node that are in the secondary storage location. Zero if no secondary is configured. + Stability: Long-term + """ + secondarySize: Float! @stability(level: LongTerm) + + """ + The total size in GB of the primary storage location on this node. + Stability: Long-term + """ + totalSizeOfPrimary: Float! @stability(level: LongTerm) + + """ + The total size in GB of the secondary storage location on this node. Zero if no secondary is configured. + Stability: Long-term + """ + totalSizeOfSecondary: Float! @stability(level: LongTerm) + + """ + The size in GB of the free space on this node of the primary storage location. + Stability: Long-term + """ + freeOnPrimary: Float! @stability(level: LongTerm) + + """ + The size in GB of the free space on this node of the secondary storage location. Zero if no secondary is configured. + Stability: Long-term + """ + freeOnSecondary: Float! @stability(level: LongTerm) + + """ + The size in GB of work-in-progress data files. + Stability: Long-term + """ + wipSize: Float! @stability(level: LongTerm) + + """ + The size in GB of data once the node has received the data allocated to it. + Stability: Long-term + """ + targetSize: Float! @stability(level: LongTerm) + + """ + The size in GB of data that only exists on this node - i.e. only one replica exists in the cluster. + Stability: Long-term + """ + solitarySegmentSize: Float! @stability(level: LongTerm) + + """ + A flag indicating whether the node is considered up or down by the cluster coordinated. This is based on the `lastHeartbeat` field. + Stability: Long-term + """ + isAvailable: Boolean! @stability(level: LongTerm) + + """ + The last time a heartbeat was received from the node. + Stability: Long-term + """ + lastHeartbeat: DateTime! @stability(level: LongTerm) + + """ + The time since a heartbeat was received from the node. + Stability: Long-term + """ + timeSinceLastHeartbeat: Long! @stability(level: LongTerm) + + """ + A flag indicating whether the node is marked for eviction. The Falcon LogScale cluster will start to move segments, digesters and queries away from any node marked for eviction + Stability: Long-term + """ + isBeingEvicted: Boolean @stability(level: LongTerm) + + """ + Contains data describing the status of eviction + Stability: Long-term + """ + evictionStatus: EvictionStatus! @stability(level: LongTerm) + + """ + True if the machine the node runs on has local segment storage + Stability: Long-term + """ + hasStorageRole: Boolean! @stability(level: LongTerm) + + """ + True if the machine the node runs on has the possibility to process kafka partitions + Stability: Long-term + """ + hasDigestRole: Boolean! @stability(level: LongTerm) + + """ + The time at which the host booted + Stability: Long-term + """ + bootedAt: DateTime! @stability(level: LongTerm) + + """ + The time since last boot + Stability: Long-term + """ + timeSinceBooted: Long! @stability(level: LongTerm) +} + +"Global stats for the cluster" +type ClusterStats { + "Stability: Long-term" + compressedByteSize: Long! @stability(level: LongTerm) + + "Stability: Long-term" + uncompressedByteSize: Long! @stability(level: LongTerm) + + "Stability: Long-term" + compressedByteSizeOfMerged: Long! @stability(level: LongTerm) + + "Stability: Long-term" + uncompressedByteSizeOfMerged: Long! @stability(level: LongTerm) } -""" -Data for creating an alert -""" -input CreateAlert { -""" -Data for creating an alert -""" - viewName: String! -""" -Data for creating an alert -""" - name: String! -""" -Data for creating an alert -""" - description: String -""" -Data for creating an alert -""" - queryString: String! -""" -Data for creating an alert -""" - queryStart: String! -""" -Data for creating an alert -""" - throttleTimeMillis: Long! -""" -Data for creating an alert -""" - throttleField: String -""" -Data for creating an alert -""" - runAsUserId: String -""" -Data for creating an alert -""" - enabled: Boolean -""" -Data for creating an alert -""" - actions: [String!]! -""" -Data for creating an alert -""" - labels: [String!] -""" -Data for creating an alert -""" - queryOwnershipType: QueryOwnershipType +"A static or a themed color" +union Color = StaticColor | ThemedColor + +"Whether a column has been added or removed at a given index." +input ColumnChange { + "Kind of change" + changeKind: ColumnChangeKind! + + "Index of column to change" + index: Int! } -type CreateAlertFromPackageTemplateMutation { -""" -Stability: Long-term -""" - alert: Alert! +enum ColumnChangeKind { + Add + Remove } -""" -Data for creating an alert from a yaml template -""" -input CreateAlertFromTemplateInput { -""" -Data for creating an alert from a yaml template -""" - viewName: RepoOrViewName! -""" -Data for creating an alert from a yaml template -""" - name: String! -""" -Data for creating an alert from a yaml template -""" - yamlTemplate: YAML! +"Arguments for concatenateQueries" +input ConcatenateQueriesArguments { + queryStrings: [String!]! + version: LanguageVersionInputType! } -""" -Data for creating an ingest feed that uses AWS S3 and SQS -""" -input CreateAwsS3SqsIngestFeed { -""" -Data for creating an ingest feed that uses AWS S3 and SQS -""" - repositoryName: RepoOrViewName! -""" -Data for creating an ingest feed that uses AWS S3 and SQS -""" - name: String! -""" -Data for creating an ingest feed that uses AWS S3 and SQS -""" - description: String -""" -Data for creating an ingest feed that uses AWS S3 and SQS -""" - parser: String! -""" -Data for creating an ingest feed that uses AWS S3 and SQS -""" - authentication: IngestFeedAwsAuthenticationInput! -""" -Data for creating an ingest feed that uses AWS S3 and SQS -""" - sqsUrl: String! -""" -Data for creating an ingest feed that uses AWS S3 and SQS -""" - region: String! -""" -Data for creating an ingest feed that uses AWS S3 and SQS -""" - enabled: Boolean! -""" -Data for creating an ingest feed that uses AWS S3 and SQS -""" - preprocessing: IngestFeedPreprocessingInput! -""" -Data for creating an ingest feed that uses AWS S3 and SQS -""" - compression: IngestFeedCompression! +input ConflictResolutionConfiguration { + entityType: AssetType! + entityName: String! + conflictResolution: MergeStrategy! } -input CreateCrossOrgViewInput { - name: String! - connections: [CrossOrganizationViewConnectionInputModel!]! +"Denotes an aspect of a cluster connection." +enum ConnectionAspect { + Tag + QueryPrefix + Other + TargetView + PublicUrl + Token } -input CreateCustomLinkInteractionInput { - path: String! - customLinkInteractionInput: CustomLinkInteractionInput! +"A key-value pair from a connection aspect to an error message pertaining to that aspect" +type ConnectionAspectErrorType { + """ + A connection aspect + Stability: Short-term + """ + aspect: ConnectionAspect! @stability(level: ShortTerm) + + """ + An error message for the connection, tagged by the relevant aspect + Stability: Short-term + """ + error: String! @stability(level: ShortTerm) } -type CreateDashboardFromPackageTemplateMutation { -""" -Stability: Long-term -""" - dashboard: Dashboard! +type CopyDashboardMutation { + "Stability: Long-term" + dashboard: Dashboard! @stability(level: LongTerm) } -""" -Data for creating a dashboard from a yaml specification. -""" -input CreateDashboardFromTemplateV2Input { -""" -Data for creating a dashboard from a yaml specification. -""" - viewName: RepoOrViewName! -""" -Data for creating a dashboard from a yaml specification. -""" - name: String! -""" -Data for creating a dashboard from a yaml specification. -""" - yamlTemplate: YAML! +type CopySavedQueryMutation { + "Stability: Long-term" + savedQuery: SavedQuery! @stability(level: LongTerm) } -input CreateDashboardInput { - searchDomainName: String! - name: String! - labels: [String!] - widgets: [WidgetInput!] - sections: [SectionInput!] - links: [LinkInput!] - defaultFilterId: String - filters: [FilterInput!] - parameters: [ParameterInput!] - description: String - updateFrequency: DashboardUpdateFrequencyInput - series: [SeriesConfigInput!] +type CorrelateUsageInfo { + """ + Indicates if the correlated event are sequenced. + Stability: Preview + """ + isSequenced: Boolean! @stability(level: Preview) + + """ + Indicates if the events in the query result will have correlate format. + Stability: Preview + """ + isFormatPreservedInOutput: Boolean! @stability(level: Preview) + + """ + The names, in order, of the queries used in correlate. + Stability: Preview + """ + queryNames: [String!]! @stability(level: Preview) } -input CreateDashboardLinkInteractionInput { - path: String! - dashboardLinkInteractionInput: DashboardLinkInteractionInput! +type CreateActionFromPackageTemplateMutation { + "Stability: Long-term" + action: Action! @stability(level: LongTerm) } -type CreateDashboardMutation { -""" -Stability: Long-term -""" - dashboard: Dashboard! +"Data for creating an action from a yaml template" +input CreateActionFromTemplateInput { + "Name of the view of the action." + viewName: RepoOrViewName! + + "Optional name for the action. If not provided, the name in the template will be used." + name: String + + "YAML specification of the action." + yamlTemplate: YAML! } -""" -Data for creating an email action -""" -input CreateEmailAction { -""" -Data for creating an email action -""" - viewName: String! -""" -Data for creating an email action -""" - name: String! -""" -Data for creating an email action -""" - recipients: [String!]! -""" -Data for creating an email action -""" - subjectTemplate: String -""" -Data for creating an email action -""" - bodyTemplate: String -""" -Data for creating an email action -""" - useProxy: Boolean! -""" -Data for creating an email action -""" - attachCsv: Boolean -} +"Data for creating an aggregate alert." +input CreateAggregateAlert { + "Name of the view of the aggregate alert." + viewName: RepoOrViewName! -""" -Data for creating an event forwarding rule -""" -input CreateEventForwardingRule { -""" -Data for creating an event forwarding rule -""" - repoName: String! -""" -Data for creating an event forwarding rule -""" - queryString: String! -""" -Data for creating an event forwarding rule -""" - eventForwarderId: String! -""" -Data for creating an event forwarding rule -""" - languageVersion: LanguageVersionEnum -} + "Name of the aggregate alert." + name: String! -""" -Data for creating an FDR feed -""" -input CreateFdrFeed { -""" -Data for creating an FDR feed -""" - repositoryName: String! -""" -Data for creating an FDR feed -""" - name: String! -""" -Data for creating an FDR feed -""" - description: String -""" -Data for creating an FDR feed -""" - parser: String! -""" -Data for creating an FDR feed -""" - clientId: String! -""" -Data for creating an FDR feed -""" - clientSecret: String! -""" -Data for creating an FDR feed -""" - sqsUrl: String! -""" -Data for creating an FDR feed -""" - s3Identifier: String! -""" -Data for creating an FDR feed -""" - enabled: Boolean -} + "Description of the aggregate alert." + description: String -input CreateFieldAliasSchemaFromTemplateInput { - yamlTemplate: String! - name: String! + "LogScale query to execute." + queryString: String! + + "List of ids or names for actions to fire on query result. At most 10 actions can be added. Actions in packages can be referred to as \"packagescope/packagename:actionname\"." + actionIdsOrNames: [String!]! + + "Labels attached to the aggregate alert." + labels: [String!] = [] + + "Flag indicating whether the aggregate alert is enabled." + enabled: Boolean = true + + "Throttle time in seconds." + throttleTimeSeconds: Long! + + "A field to throttle on. Can only be set if throttleTimeSeconds is set." + throttleField: String + + "Search interval in seconds. Valid values are: 1-80 minutes in seconds divisible by 60 (60, 120, ..., 4800 seconds), 82-180 minutes in seconds divisible by 120 (4920, 5040, ..., 10800 seconds) and 4-24 hours in seconds divisible by 3600 (14400, 18000, ..., 86400 seconds)." + searchIntervalSeconds: Long! + + "Timestamp type to use for a query." + queryTimestampType: QueryTimestampType! + + "Trigger mode used for triggering the alert." + triggerMode: TriggerMode + + "The aggregate alert will run with the permissions of the user corresponding to this id if 'queryOwnershipType' is set to User. If 'queryOwnershipType' is set to Organization, whilst 'runAsUserId' is set, this will result in an error. If not specified, the scheduled search will run with the permissions of the calling user. It requires the 'ChangeTriggersToRunAsOtherUsers' permission to set this field to a user id different from the calling user." + runAsUserId: String + + "Ownership of the query run by this aggregate alert. If value is User, ownership will be based on the 'runAsUserId' field." + queryOwnershipType: QueryOwnershipType! } -input CreateFieldAliasSchemaInput { - name: String! - fields: [SchemaFieldInput!]! - aliasMappings: [AliasMappingInput!] +"Data for creating an alert" +input CreateAlert { + "Name of the view of the legacy alert." + viewName: String! + + "Name of the alert." + name: String! + + "Description of the alert." + description: String + + "LogScale query to execute." + queryString: String! + + "Start of the relative time interval for the query." + queryStart: String! + + "Throttle time in milliseconds." + throttleTimeMillis: Long! + + "Field to throttle on." + throttleField: String + + "The alert will run with the permissions of the user corresponding to this id if 'queryOwnershipType' is set to User. If 'queryOwnershipType' is set to Organization, whilst 'runAsUserId' is set, this will result in an error. If not specified, the scheduled search will run with the permissions of the calling user. It requires the 'ChangeTriggersToRunAsOtherUsers' permission to set this field to a user id different from the calling user." + runAsUserId: String + + "Flag indicating whether the alert is enabled." + enabled: Boolean = true + + "List of ids or names for actions to fire on query result. At most 10 actions can be added. Actions in packages can be referred to as \"packagescope/packagename:actionname\"." + actions: [String!]! + + "Labels attached to the alert." + labels: [String!] = [] + + "Ownership of the query run by this alert. If value is User, ownership will be based on the 'runAsUserId' field." + queryOwnershipType: QueryOwnershipType = User } -""" -Data for creating a filter alert -""" -input CreateFilterAlert { -""" -Data for creating a filter alert -""" - viewName: RepoOrViewName! -""" -Data for creating a filter alert -""" - name: String! -""" -Data for creating a filter alert -""" - description: String -""" -Data for creating a filter alert -""" - queryString: String! -""" -Data for creating a filter alert -""" - actionIdsOrNames: [String!]! -""" -Data for creating a filter alert -""" - labels: [String!] -""" -Data for creating a filter alert -""" - enabled: Boolean -""" -Data for creating a filter alert -""" - throttleTimeSeconds: Long -""" -Data for creating a filter alert -""" - throttleField: String -""" -Data for creating a filter alert -""" - runAsUserId: String -""" -Data for creating a filter alert -""" - queryOwnershipType: QueryOwnershipType! +"Data for creating an ingest feed that uses AWS S3 and SQS" +input CreateAwsS3SqsIngestFeed { + "Name of the repository of the ingest feed." + repositoryName: RepoOrViewName! + + "Name of the ingest feed." + name: String! + + "Description of the ingest feed." + description: String + + "The id or name of the parser that should be used to parse the ingest feed. Parsers in packages can be referred to as: \"packagescope/packagename:parsername\"" + parser: String! + + "How to authenticate to AWS." + authentication: IngestFeedAwsAuthenticationInput! + + "AWS SQS queue url." + sqsUrl: String! + + "The AWS region to connect to." + region: String! + + "Ingest feed enabled state." + enabled: Boolean! + + "The preprocessing to apply to an ingest feed before parsing." + preprocessing: IngestFeedPreprocessingInput! + + "Compression scheme of the file." + compression: IngestFeedCompression! } -""" -Data for creating a LogScale repository action -""" -input CreateHumioRepoAction { -""" -Data for creating a LogScale repository action -""" - viewName: String! -""" -Data for creating a LogScale repository action -""" - name: String! -""" -Data for creating a LogScale repository action -""" - ingestToken: String! +"Data for creating an ingest feed that uses Azure Event Hubs." +input CreateAzureEventHubIngestFeed { + "Name of the repository of the ingest feed." + repositoryName: RepoOrViewName! + + "Name of the ingest feed." + name: String! + + "Description of the ingest feed." + description: String + + "The id or name of the parser that should be used to parse the ingest feed. Parsers in packages can be referred to as: \"packagescope/packagename:parsername\"" + parser: String! + enabled: Boolean! + + "Fully qualified namespace of the Event Hub. Often structured like this: .servicebus.windows.net" + eventHubFullyQualifiedNamespace: String! + + "Name of the Event Hub." + eventHubName: String! + + "Consumer group for the Event Hub" + consumerGroup: String! + + "The preprocessing to apply to an ingest feed before parsing." + preprocessing: AzureEventHubsPreprocessingInput! + + "Authentication method for Azure event hub." + authentication: AzureEventHubsAuthenticationInput! + + "Configuration for how the Event Hub checkpoints should be handled." + checkpointHandling: AzureEventHubsCheckpointHandlingInput! + + "Specifies the starting point for reading events from the Event Hub when no previous checkpoint exists." + defaultCheckpoint: AzureEventHubsCheckpointInput! } -""" -Input data to create an ingest listener -""" -input CreateIngestListenerV3Input { -""" -Input data to create an ingest listener -""" - repositoryName: String! -""" -Input data to create an ingest listener -""" - port: Int! -""" -Input data to create an ingest listener -""" - protocol: IngestListenerProtocol! -""" -Input data to create an ingest listener -""" - vHost: Int -""" -Input data to create an ingest listener -""" - name: String! -""" -Input data to create an ingest listener -""" - bindInterface: String! -""" -Input data to create an ingest listener -""" - parser: String! -""" -Input data to create an ingest listener -""" - charset: String! +input CreateCrossOrgViewInput { + name: String! + connections: [CrossOrganizationViewConnectionInputModel!]! } -""" -Data for creating a Kafka event forwarder -""" -input CreateKafkaEventForwarder { -""" -Data for creating a Kafka event forwarder -""" - name: String! -""" -Data for creating a Kafka event forwarder -""" - description: String! -""" -Data for creating a Kafka event forwarder -""" - properties: String! -""" -Data for creating a Kafka event forwarder -""" - topic: String! -""" -Data for creating a Kafka event forwarder -""" - enabled: Boolean +input CreateCustomLinkInteractionInput { + path: String! + customLinkInteractionInput: CustomLinkInteractionInput! } -""" -Data for creating a local multi-cluster connection -""" -input CreateLocalClusterConnectionInput { -""" -Data for creating a local multi-cluster connection -""" - multiClusterViewName: String! -""" -Data for creating a local multi-cluster connection -""" - targetViewName: String! -""" -Data for creating a local multi-cluster connection -""" - tags: [ClusterConnectionInputTag!] -""" -Data for creating a local multi-cluster connection -""" - queryPrefix: String +type CreateDashboardFromPackageTemplateMutation { + "Stability: Long-term" + dashboard: Dashboard! @stability(level: LongTerm) } -""" -Data for creating an OpsGenie action -""" -input CreateOpsGenieAction { -""" -Data for creating an OpsGenie action -""" - viewName: String! -""" -Data for creating an OpsGenie action -""" - name: String! -""" -Data for creating an OpsGenie action -""" - apiUrl: String! -""" -Data for creating an OpsGenie action -""" - genieKey: String! -""" -Data for creating an OpsGenie action -""" - useProxy: Boolean! +"Data for creating a dashboard from a yaml specification." +input CreateDashboardFromTemplateV2Input { + "Name of the view of the dashboard." + viewName: RepoOrViewName! + + "Optional name for the dashboard. If not provided, the template's name will be used." + name: String + + "YAML specification of the dashboard." + yamlTemplate: YAML! } -""" -The specification of an external function. -""" -input CreateOrUpdateExternalFunctionInput { -""" -The specification of an external function. -""" - name: String! -""" -The specification of an external function. -""" - procedureURL: String! -""" -The specification of an external function. -""" - parameters: [ParameterSpecificationInput!]! -""" -The specification of an external function. -""" - description: String! -""" -The specification of an external function. -""" - kind: KindInput! +input CreateDashboardInput { + searchDomainName: String! + name: String! + labels: [String!] + widgets: [WidgetInput!] + sections: [SectionInput!] + links: [LinkInput!] + defaultFilterId: String + filters: [FilterInput!] + parameters: [ParameterInput!] + description: String + updateFrequency: DashboardUpdateFrequencyInput + series: [SeriesConfigInput!] + seriesColorPalette: String } -input CreateOrganizationPermissionTokenInput { - name: String! - expireAt: Long - ipFilterId: String - permissions: [OrganizationPermission!]! +input CreateDashboardLinkInteractionInput { + path: String! + dashboardLinkInteractionInput: DashboardLinkInteractionInput! } -input CreateOrganizationPermissionsTokenV2Input { - name: String! - expireAt: Long - ipFilterId: String - organizationPermissions: [OrganizationPermission!]! +type CreateDashboardMutation { + "Stability: Long-term" + dashboard: Dashboard! @stability(level: LongTerm) } -""" -The organization permissions token and its associated metadata. -""" -type CreateOrganizationPermissionsTokenV2Output { -""" -The organization permissions token. -Stability: Long-term -""" - token: String! -""" -Metadata about the token. -Stability: Long-term -""" - tokenMetadata: OrganizationPermissionsToken! +"Data for creating an email action" +input CreateEmailAction { + "Name of the view of the action." + viewName: String! + + "Name of the action." + name: String! + + "List of email addresses to send an email to." + recipients: [String!]! + + "Subject of the email. Can be templated with values from the result." + subjectTemplate: String + + "Body of the email. Can be templated with values from the result." + bodyTemplate: String + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! + + "Whether the result set should be attached as a CSV file." + attachCsv: Boolean = false + + "Labels to categorize the action." + labels: [String!] } -""" -Data for creating a PagerDuty action. -""" -input CreatePagerDutyAction { -""" -Data for creating a PagerDuty action. -""" - viewName: String! -""" -Data for creating a PagerDuty action. -""" - name: String! -""" -Data for creating a PagerDuty action. -""" - severity: String! -""" -Data for creating a PagerDuty action. -""" - routingKey: String! -""" -Data for creating a PagerDuty action. -""" - useProxy: Boolean! +"Data for creating an event forwarding rule" +input CreateEventForwardingRule { + "The name of the repository that the event forwarding rule is for" + repoName: String! + + "The query string for filtering and mapping the events to forward" + queryString: String! + + "The id of the event forwarder" + eventForwarderId: String! + languageVersion: LanguageVersionEnum = legacy } -type CreateParserFromPackageTemplateMutation { -""" -Stability: Long-term -""" - parser: Parser! +"Data for creating an FDR feed" +input CreateFdrFeed { + "Name of the repository of the FDR feed." + repositoryName: String! + + "Name of the FDR feed." + name: String! + + "Description of the FDR feed." + description: String + + "The id or name of the parser that should be used to parse the FDR data. We recommend using the FDR parser from the crowdstrike/fdr package, which can be referred to as \"crowdstrike/fdr:FDR\"." + parser: String! + + "AWS client id of the FDR feed." + clientId: String! + + "AWS client secret of the FDR feed." + clientSecret: String! + + "AWS SQS queue url of the FDR feed." + sqsUrl: String! + + "AWS S3 Identifier of the FDR feed." + s3Identifier: String! + + "Is ingest from the FDR feed enabled?" + enabled: Boolean = true } -""" -Data for creating a parser from a yaml template -""" -input CreateParserFromTemplateInput { -""" -Data for creating a parser from a yaml template -""" - viewName: RepoOrViewName! -""" -Data for creating a parser from a yaml template -""" - name: String! -""" -Data for creating a parser from a yaml template -""" - yamlTemplate: YAML! +input CreateFieldAliasSchemaFromTemplateInput { + yamlTemplate: String! + name: String! } -input CreateParserInput { - name: String! - testData: [String!]! - sourceCode: String! - repositoryName: String! - tagFields: [String!]! - force: Boolean! - languageVersion: LanguageVersionEnum +input CreateFieldAliasSchemaInput { + name: String! + fields: [SchemaFieldInput!]! + aliasMappings: [AliasMappingInput!] } -""" -Input for creating a parser. -""" -input CreateParserInputV2 { -""" -Input for creating a parser. -""" - name: String! -""" -Input for creating a parser. -""" - script: String! -""" -Input for creating a parser. -""" - testCases: [ParserTestCaseInput!]! -""" -Input for creating a parser. -""" - repositoryName: RepoOrViewName! -""" -Input for creating a parser. -""" - fieldsToTag: [String!]! -""" -Input for creating a parser. -""" - fieldsToBeRemovedBeforeParsing: [String!]! -""" -Input for creating a parser. -""" - allowOverwritingExistingParser: Boolean -""" -Input for creating a parser. -""" - languageVersion: LanguageVersionInputType +"Data for creating a filter alert" +input CreateFilterAlert { + "Name of the view of the filter alert." + viewName: RepoOrViewName! + + "Name of the filter alert." + name: String! + + "Description of the filter alert." + description: String + + "LogScale query to execute." + queryString: String! + + "List of ids or names for actions to fire on query result. At most 10 actions can be added. Actions in packages can be referred to as \"packagescope/packagename:actionname\"." + actionIdsOrNames: [String!]! + + "Labels attached to the filter alert." + labels: [String!] = [] + + "Flag indicating whether the filter alert is enabled." + enabled: Boolean = true + + "Throttle time in seconds." + throttleTimeSeconds: Long + + "A field to throttle on. Can only be set if throttleTimeSeconds is set." + throttleField: String + + "The filter alert will run with the permissions of the user corresponding to this id if 'queryOwnershipType' is set to User. If 'queryOwnershipType' is set to Organization, whilst 'runAsUserId' is set, this will result in an error. If not specified, the scheduled search will run with the permissions of the calling user. It requires the 'ChangeTriggersToRunAsOtherUsers' permission to set this field to a user id different from the calling user." + runAsUserId: String + + "Ownership of the query run by this filter alert. If value is User, ownership will be based on the 'runAsUserId' field." + queryOwnershipType: QueryOwnershipType! } -type CreateParserMutation { -""" -Stability: Long-term -""" - parser: Parser! +"Data for creating a LogScale repository action" +input CreateHumioRepoAction { + "Name of the view of the action." + viewName: String! + + "Name of the action." + name: String! + + "Humio ingest token for the dataspace that the action should ingest into." + ingestToken: String! + + "Labels to categorize the action." + labels: [String!] +} + +"Input data to create an ingest listener" +input CreateIngestListenerV3Input { + "Name of the repository." + repositoryName: String! + + "The TCP/UDP port the ingest listener will listen on." + port: Int! + + "The kind of listener; TCP, UDP, Netflow/UDP, GELF/UDP, GELF/TCP." + protocol: IngestListenerProtocol! + + "The vHost name for the ingest listener." + vHost: Int + + "Name of the ingest listener." + name: String! + + "The ip address that the ingest listener will bind to." + bindInterface: String! + + "Id or name of the parser to assign to the ingest listener. Parsers in packages can be referred to as \"packagescope/packagename:parsername\"." + parser: String! + + "The charset used to decode the event stream." + charset: String! +} + +"Data for creating a Kafka event forwarder" +input CreateKafkaEventForwarder { + "Name of the event forwarder" + name: String! + + "Description of the event forwarder" + description: String! + + "The Kafka producer configuration used to forward events in the form of properties (x.y.z=abc). See https://library.humio.com/humio-server/ingesting-data-event-forwarders.html#kafka-configuration." + properties: String! + + "The Kafka topic the events should be forwarded to" + topic: String! + + "Is the event forwarder enabled" + enabled: Boolean = true +} + +"Data for creating a local multi-cluster connection" +input CreateLocalClusterConnectionInput { + "Name or id of the multi-cluster view to add the connection to" + multiClusterViewName: String! + + "Name or id of the local view to connect with" + targetViewName: String! + + "Additional tags that can be used to filter queries" + tags: [ClusterConnectionInputTag!] + + "Filter query that restricts the data visible through this connection" + queryPrefix: String +} + +"Data for creating an OpsGenie action" +input CreateOpsGenieAction { + "Name of the view of the action." + viewName: String! + + "Name of the action." + name: String! + + "OpsGenie webhook url to send the request to." + apiUrl: String! + + "Key to authenticate with OpsGenie." + genieKey: String! + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! + + "Labels for the action. There can be at most 10 labels with a max length of 60 characters per label." + labels: [String!] +} + +"The specification of an external function." +input CreateOrUpdateExternalFunctionInput { + "The name of the external function." + name: String! + + "The URL for the external function." + procedureURL: String! + + "The parameter specifications for the external function." + parameters: [ParameterSpecificationInput!]! + + "The description for the external function." + description: String! + + "The kind of external function. This defines how the external function is executed." + kind: KindInput! +} + +"The input for a remote table config." +input CreateOrUpdateRemoteTableConfigInput { + "The name of the remote table config. Must be unique in the organization. Cannot be empty" + connectionName: String! + + "The description of the remote table config." + connectionDescription: String! + + "The config for a generic remote table." + connectionConfigGeneric: GenericConnectionConfigInput +} + +input CreateOrganizationPermissionTokenInput { + name: String! + expireAt: Long + ipFilterId: String + permissions: [OrganizationPermission!]! +} + +input CreateOrganizationPermissionsTokenV2Input { + name: String! + expireAt: Long + ipFilterId: String + organizationPermissions: [OrganizationPermission!]! +} + +"The organization permissions token and its associated metadata." +type CreateOrganizationPermissionsTokenV2Output { + """ + The organization permissions token. + Stability: Long-term + """ + token: String! @stability(level: LongTerm) + + """ + Metadata about the token. + Stability: Long-term + """ + tokenMetadata: OrganizationPermissionsToken! @stability(level: LongTerm) +} + +"Data for creating a PagerDuty action." +input CreatePagerDutyAction { + "Name of the view of the action." + viewName: String! + + "Name of the action." + name: String! + + "Severity level to give to the message." + severity: String! + + "Routing key to authenticate with PagerDuty." + routingKey: String! + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! + + "Labels for the action. There can be at most 10 labels with a max length of 60 characters per label." + labels: [String!] +} + +type CreateParserFromPackageTemplateMutation { + "Stability: Long-term" + parser: Parser! @stability(level: LongTerm) +} + +"Data for creating a parser from a yaml template" +input CreateParserFromTemplateInput { + "Name of the repo to install the parser in" + viewName: RepoOrViewName! + + "Optional name for the parser. If not provided, the name in the template will be used." + name: String + + "YAML specification of the parser." + yamlTemplate: YAML! +} + +"Input for creating a parser." +input CreateParserInputV2 { + "The name to use for the parser." + name: String! + + "The parser script that is executed for every incoming event." + script: String! + + "Test cases that can be used to help verify that the parser works as expected." + testCases: [ParserTestCaseInput!]! + + "The repository where the parser lives." + repositoryName: RepoOrViewName! + + "Fields that are used as tags." + fieldsToTag: [String!]! + + "A list of fields that will be removed from the event before it's parsed. These fields will not be included when calculating usage." + fieldsToBeRemovedBeforeParsing: [String!]! + + "Allows saving a parser with a name that is already in use, by overwriting the parser that previously had the name." + allowOverwritingExistingParser: Boolean = false + + "A specific language version." + languageVersion: LanguageVersionInputType = {name: "legacy"} } input CreatePersonalUserTokenInput { - expireAt: Long - ipFilterId: String + expireAt: Long + ipFilterId: String } -""" -The personal user token and its associated metadata. -""" +input CreatePersonalUserTokenV2Input { + expireAt: Long + ipFilterId: String +} + +"The personal user token and its associated metadata." type CreatePersonalUserTokenV2Output { -""" -The personal user token. -Stability: Long-term -""" - token: String! -""" -Metadata about the token. -Stability: Long-term -""" - tokenMetadata: PersonalUserToken! + """ + The personal user token. + Stability: Long-term + """ + token: String! @stability(level: LongTerm) + + """ + Metadata about the token. + Stability: Long-term + """ + tokenMetadata: PersonalUserToken! @stability(level: LongTerm) } -""" -Data for creating a post message Slack action. -""" +"Data for creating a post message Slack action." input CreatePostMessageSlackAction { -""" -Data for creating a post message Slack action. -""" - viewName: String! -""" -Data for creating a post message Slack action. -""" - name: String! -""" -Data for creating a post message Slack action. -""" - apiToken: String! -""" -Data for creating a post message Slack action. -""" - channels: [String!]! -""" -Data for creating a post message Slack action. -""" - fields: [SlackFieldEntryInput!]! -""" -Data for creating a post message Slack action. -""" - useProxy: Boolean! + "Name of the view of the action." + viewName: String! + + "Name of the action." + name: String! + + "Api token to authenticate with Slack." + apiToken: String! + + "List of Slack channels to message." + channels: [String!]! + + "Fields to include within the Slack message. Can be templated with values from the result." + fields: [SlackFieldEntryInput!]! + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! + + "Labels to categorize the action." + labels: [String!] } -""" -Data for creating a remote cluster connection -""" +"Data for creating a remote cluster connection" input CreateRemoteClusterConnectionInput { -""" -Data for creating a remote cluster connection -""" - multiClusterViewName: String! -""" -Data for creating a remote cluster connection -""" - publicUrl: String! -""" -Data for creating a remote cluster connection -""" - token: String! -""" -Data for creating a remote cluster connection -""" - tags: [ClusterConnectionInputTag!] -""" -Data for creating a remote cluster connection -""" - queryPrefix: String + "Name or id of the multi-cluster view to add the connection to" + multiClusterViewName: String! + + "Public URL of the remote cluster to connect with" + publicUrl: String! + + "Access token for the remote view to connect with" + token: String! + + "Additional tags that can be used to filter queries" + tags: [ClusterConnectionInputTag!] + + "Filter query that restricts the data visible through this connection" + queryPrefix: String } type CreateRepositoryMutation { -""" -Stability: Long-term -""" - repository: Repository! + "Stability: Long-term" + repository: Repository! @stability(level: LongTerm) +} + +"Data for creating an S3 action." +input CreateS3Action { + "Name of the view of the action." + viewName: RepoOrViewName! + + "Name of the action." + name: String! + + "Labels to categorize the action. There can be at most 10 labels with a max length of 60 characters per label." + labels: [String!] = [] + + "ARN of the role to be assumed." + roleArn: String! + + "AWS region. For options see: https://docs.aws.amazon.com/general/latest/gr/s3.html" + awsRegion: String! + + "Name of the bucket." + bucketName: String! + + "Name of the file(s). You can use most message templates for this. See documentation for S3 action: https://library.humio.com/data-analysis/automated-actions-s3.html" + fileName: String! + + "Output format type for the result. Can be either NDJSON or CSV." + outputFormat: S3ActionEventOutputFormat! + + "Whether to output metadata for the result. Metadata will be output as a separate JSON file." + outputMetadata: Boolean! + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean = true } type CreateSavedQueryFromPackageTemplateMutation { -""" -Stability: Long-term -""" - savedQuery: SavedQuery! + "Stability: Long-term" + savedQuery: SavedQuery! @stability(level: LongTerm) +} + +"Data for creating a saved query from a yaml template." +input CreateSavedQueryFromTemplateInput { + "The name of the view where the saved query will be created." + viewName: RepoOrViewName! + + "Optional name for the saved query. If not provided, the template's name will be used." + name: String + + "The YAML template for the saved query." + yamlTemplate: YAML! } input CreateSavedQueryInput { - name: String! - viewName: String! - queryString: String! - start: String - end: String - isLive: Boolean - widgetType: String - options: String - dashboardLinkInteractions: [DashboardLinkInteractionInput!] - customLinkInteractions: [CustomLinkInteractionInput!] - searchLinkInteractions: [SearchLinkInteractionInput!] - updateParametersInteractions: [UpdateParametersInteractionInput!] + name: String! + description: String + viewName: String! + queryString: String! + start: String + end: String + isLive: Boolean + widgetType: String + options: String + labels: [String!] + dashboardLinkInteractions: [DashboardLinkInteractionInput!] + customLinkInteractions: [CustomLinkInteractionInput!] + searchLinkInteractions: [SearchLinkInteractionInput!] + updateParametersInteractions: [UpdateParametersInteractionInput!] } type CreateSavedQueryPayload { -""" -Stability: Long-term -""" - savedQuery: SavedQuery! + "Stability: Long-term" + savedQuery: SavedQuery! @stability(level: LongTerm) } -""" -Data for creating a scheduled report. -""" +"Data for creating a scheduled report." input CreateScheduledReportInput { -""" -Data for creating a scheduled report. -""" - viewName: String! -""" -Data for creating a scheduled report. -""" - name: String! -""" -Data for creating a scheduled report. -""" - password: String -""" -Data for creating a scheduled report. -""" - enabled: Boolean! -""" -Data for creating a scheduled report. -""" - description: String! -""" -Data for creating a scheduled report. -""" - dashboardId: String! -""" -Data for creating a scheduled report. -""" - timeIntervalFrom: String -""" -Data for creating a scheduled report. -""" - schedule: CreateScheduledReportScheduleInput! -""" -Data for creating a scheduled report. -""" - labels: [String!]! -""" -Data for creating a scheduled report. -""" - parameters: [CreateScheduledReportParameterValueInput!]! -""" -Data for creating a scheduled report. -""" - recipients: [String!]! -""" -Data for creating a scheduled report. -""" - layout: CreateScheduledReportLayoutInput! + "Name of the view of the scheduled report." + viewName: String! + + "Name of the scheduled report." + name: String! + + "Password used to protect any generated reports." + password: String + + "Flag indicating whether the scheduled report is enabled." + enabled: Boolean! + + "Description of the scheduled report." + description: String! + + "The id of the dashboard the report was created for." + dashboardId: String! + + "Start of the relative time interval for the dashboard." + timeIntervalFrom: String + + "The schedule to run the report by." + schedule: CreateScheduledReportScheduleInput! + + "Labels attached to the scheduled report." + labels: [String!]! + + "List of parameter value configurations." + parameters: [CreateScheduledReportParameterValueInput!]! + + "List of recipients who should receive an email with the generated report." + recipients: [String!]! + + "Layout of the scheduled report." + layout: CreateScheduledReportLayoutInput! } -""" -Layout of the scheduled report. -""" +"Layout of the scheduled report." input CreateScheduledReportLayoutInput { -""" -Layout of the scheduled report. -""" - paperSize: String! -""" -Layout of the scheduled report. -""" - paperOrientation: String! -""" -Layout of the scheduled report. -""" - paperLayout: String! -""" -Layout of the scheduled report. -""" - showDescription: Boolean! -""" -Layout of the scheduled report. -""" - showTitleFrontpage: Boolean! -""" -Layout of the scheduled report. -""" - showParameters: Boolean! -""" -Layout of the scheduled report. -""" - maxNumberOfRows: Int! -""" -Layout of the scheduled report. -""" - showTitleHeader: Boolean! -""" -Layout of the scheduled report. -""" - showExportDate: Boolean! -""" -Layout of the scheduled report. -""" - footerShowPageNumbers: Boolean! + "Paper size. Supported types are A4 and Letter." + paperSize: String! + + "Paper orientation. Supported types are Landscape and Portrait." + paperOrientation: String! + + "Paper layout. Supported types are List and Grid." + paperLayout: String! + + "Flag indicating whether to show report description." + showDescription: Boolean! + + "Flag indicating whether to show title on frontpage." + showTitleFrontpage: Boolean! + + "Flag indicating whether to show parameters." + showParameters: Boolean! + + "Max number of rows to display in tables." + maxNumberOfRows: Int! + + "Flag indicating whether to show title header." + showTitleHeader: Boolean! + + "Flag indicating whether to show export date." + showExportDate: Boolean! + + "Flag indicating whether to show footer page numbers." + footerShowPageNumbers: Boolean! } -""" -List of parameter value configurations. -""" +"List of parameter value configurations." input CreateScheduledReportParameterValueInput { -""" -List of parameter value configurations. -""" - id: String! -""" -List of parameter value configurations. -""" - value: String! + "Id of the parameter." + id: String! + + "Value of the parameter." + value: String! } -""" -The schedule to run the report by. -""" +"The schedule to run the report by." input CreateScheduledReportScheduleInput { -""" -The schedule to run the report by. -""" - cronExpression: String! -""" -The schedule to run the report by. -""" - timeZone: String! -""" -The schedule to run the report by. -""" - startDate: Long! -""" -The schedule to run the report by. -""" - endDate: Long + "Cron pattern describing the schedule to execute the report on." + cronExpression: String! + + "Timezone of the schedule. Examples include UTC, Europe/Copenhagen." + timeZone: String! + + "Start date of the active period of the schedule." + startDate: Long! + + "Optional end date of the active period of the schedule." + endDate: Long } -""" -Data for creating a scheduled search -""" +"Data for creating a scheduled search" input CreateScheduledSearch { -""" -Data for creating a scheduled search -""" - viewName: String! -""" -Data for creating a scheduled search -""" - name: String! -""" -Data for creating a scheduled search -""" - description: String -""" -Data for creating a scheduled search -""" - queryString: String! -""" -Data for creating a scheduled search -""" - queryStart: String! -""" -Data for creating a scheduled search -""" - queryEnd: String! -""" -Data for creating a scheduled search -""" - schedule: String! -""" -Data for creating a scheduled search -""" - timeZone: String! -""" -Data for creating a scheduled search -""" - backfillLimit: Int! -""" -Data for creating a scheduled search -""" - enabled: Boolean -""" -Data for creating a scheduled search -""" - actions: [String!]! -""" -Data for creating a scheduled search -""" - labels: [String!] -""" -Data for creating a scheduled search -""" - runAsUserId: String -""" -Data for creating a scheduled search -""" - queryOwnershipType: QueryOwnershipType -} + "Name of the view of the scheduled search." + viewName: String! -""" -Data for creating a scheduled search from a yaml template. -""" -input CreateScheduledSearchFromTemplateInput { -""" -Data for creating a scheduled search from a yaml template. -""" - viewName: RepoOrViewName! -""" -Data for creating a scheduled search from a yaml template. -""" - name: String! -""" -Data for creating a scheduled search from a yaml template. -""" - yamlTemplate: YAML! + "Name of the scheduled search." + name: String! + + "Description of the scheduled search." + description: String + + "LogScale query to execute." + queryString: String! + + "Start of the relative time interval for the query. Does not support values which cannot be represented in whole seconds." + queryStart: String! + + "End of the relative time interval for the query. Does not support values which cannot be represented in whole seconds." + queryEnd: String! + + "Cron pattern describing the schedule to execute the query on." + schedule: String! + + "Time zone of the schedule. Currently this field only supports UTC offsets like 'UTC', 'UTC-01' or 'UTC+12:45'." + timeZone: String! + + "User-defined limit, which caps the number of missed searches to backfill, e.g. in the event of a shutdown. If the 'queryTimestampType' is IngestTimestamp this field is not used, but due to backwards compatibility a value of 0 is returned." + backfillLimit: Int! + + "Flag indicating whether the scheduled search is enabled." + enabled: Boolean = true + + "List of ids or names for actions to fire on query result. At most 10 actions can be added. Actions in packages can be referred to as \"packagescope/packagename:actionname\"." + actions: [String!]! + + "Labels attached to the scheduled search." + labels: [String!] = [] + + "The scheduled search will run with the permissions of the user corresponding to this id if 'queryOwnershipType' is set to User. If 'queryOwnershipType' is set to Organization, whilst 'runAsUserId' is set, this will result in an error. If not specified, the scheduled search will run with the permissions of the calling user. It requires the 'ChangeTriggersToRunAsOtherUsers' permission to set this field to a user id different from the calling user." + runAsUserId: String + + "Ownership of the query run by this scheduled search. If value is User, ownership will be based on the 'runAsUserId' field." + queryOwnershipType: QueryOwnershipType = User } -""" -Data for creating a scheduled search -""" +"Data for creating a scheduled search" input CreateScheduledSearchV2 { -""" -Data for creating a scheduled search -""" - viewName: String! -""" -Data for creating a scheduled search -""" - name: String! -""" -Data for creating a scheduled search -""" - description: String -""" -Data for creating a scheduled search -""" - queryString: String! -""" -Data for creating a scheduled search -""" - searchIntervalSeconds: Long! -""" -Data for creating a scheduled search -""" - searchIntervalOffsetSeconds: Long -""" -Data for creating a scheduled search -""" - maxWaitTimeSeconds: Long -""" -Data for creating a scheduled search -""" - schedule: String! -""" -Data for creating a scheduled search -""" - timeZone: String! -""" -Data for creating a scheduled search -""" - backfillLimit: Int -""" -Data for creating a scheduled search -""" - enabled: Boolean -""" -Data for creating a scheduled search -""" - actionIdsOrNames: [String!]! -""" -Data for creating a scheduled search -""" - labels: [String!] -""" -Data for creating a scheduled search -""" - runAsUserId: String -""" -Data for creating a scheduled search -""" - queryOwnershipType: QueryOwnershipType! -""" -Data for creating a scheduled search -""" - queryTimestampType: QueryTimestampType! + "Name of the view of the scheduled search." + viewName: String! + + "Name of the scheduled search." + name: String! + + "Description of the scheduled search." + description: String + + "LogScale query to execute." + queryString: String! + + "Search interval in seconds." + searchIntervalSeconds: Long! + + "Offset of the search interval in seconds. Only allowed when 'queryTimestampType' is EventTimestamp where it is mandatory." + searchIntervalOffsetSeconds: Long + + "Maximum number of seconds to wait for ingest delay and query warnings. Only allowed when 'queryTimestamp' is IngestTimestamp where it is mandatory." + maxWaitTimeSeconds: Long + + "Cron pattern describing the schedule to execute the query on." + schedule: String! + + "Time zone of the schedule. Currently this field only supports UTC offsets like 'UTC', 'UTC-01' or 'UTC+12:45'." + timeZone: String! + + "User-defined limit, which caps the number of missed searches to backfill, e.g. in the event of a shutdown. Only allowed when 'queryTimestampType' is EventTimestamp where it is mandatory." + backfillLimit: Int + + "Flag indicating whether the scheduled search is enabled." + enabled: Boolean = true + + "Flag indicating whether the scheduled search should trigger when it finds en empty result (no events)." + triggerOnEmptyResult: Boolean = false + + "List of ids or names for actions to fire on query result. At most 10 actions can be added. Actions in packages can be referred to as \"packagescope/packagename:actionname\"." + actionIdsOrNames: [String!]! + + "Labels attached to the scheduled search." + labels: [String!] = [] + + "The scheduled search will run with the permissions of the user corresponding to this id if 'queryOwnershipType' is set to User. If 'queryOwnershipType' is set to Organization, whilst 'runAsUserId' is set, this will result in an error. If not specified, the scheduled search will run with the permissions of the calling user. It requires the 'ChangeTriggersToRunAsOtherUsers' permission to set this field to a user id different from the calling user." + runAsUserId: String + + "Ownership of the query run by this scheduled search. If value is User, ownership will be based on the 'runAsUserId' field." + queryOwnershipType: QueryOwnershipType! + + "Timestamp type to use for the query." + queryTimestampType: QueryTimestampType! } input CreateSearchLinkInteractionInput { - path: String! - searchLinkInteractionInput: SearchLinkInteractionInput! + path: String! + searchLinkInteractionInput: SearchLinkInteractionInput! } -""" -Data for creating a Slack action. -""" +"Data for creating a Slack action." input CreateSlackAction { -""" -Data for creating a Slack action. -""" - viewName: String! -""" -Data for creating a Slack action. -""" - name: String! -""" -Data for creating a Slack action. -""" - url: String! -""" -Data for creating a Slack action. -""" - fields: [SlackFieldEntryInput!]! -""" -Data for creating a Slack action. -""" - useProxy: Boolean! + "Name of the view of the action." + viewName: String! + + "Name of the action." + name: String! + + "Slack webhook url to send the request to." + url: String! + + "Fields to include within the Slack message. Can be templated with values from the result." + fields: [SlackFieldEntryInput!]! + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! + + "Labels to categorize the action." + labels: [String!] } input CreateSystemPermissionTokenInput { - name: String! - expireAt: Long - ipFilterId: String - permissions: [SystemPermission!]! + name: String! + expireAt: Long + ipFilterId: String + permissions: [SystemPermission!]! } input CreateSystemPermissionTokenV2Input { - name: String! - expireAt: Long - ipFilterId: String - systemPermissions: [SystemPermission!]! + name: String! + expireAt: Long + ipFilterId: String + systemPermissions: [SystemPermission!]! } -""" -The system permissions token and its associated metadata. -""" +"The system permissions token and its associated metadata." type CreateSystemPermissionsTokenV2Output { -""" -The system permissions token. -Stability: Long-term -""" - token: String! -""" -Metadata about the token. -Stability: Long-term -""" - tokenMetadata: SystemPermissionsToken! + """ + The system permissions token. + Stability: Long-term + """ + token: String! @stability(level: LongTerm) + + """ + Metadata about the token. + Stability: Long-term + """ + tokenMetadata: SystemPermissionsToken! @stability(level: LongTerm) } -""" -Data for creating an upload file action. -""" +"Data for creating an upload file action." input CreateUploadFileAction { -""" -Data for creating an upload file action. -""" - viewName: String! -""" -Data for creating an upload file action. -""" - name: String! -""" -Data for creating an upload file action. -""" - fileName: String! + "Name of the view of the action." + viewName: String! + + "Name of the action." + name: String! + + "File name for the uploaded file." + fileName: String! + + "Labels to categorize the action." + labels: [String!] + + "The mode for the file update." + updateMode: UpdateMode = Overwrite + + "Key columns to use to update the file. This only allowed when `updateMode` is set to `update`, in which case it is mandatory. If new rows match existing rows in these columns, the existing row will be updated. If not, new rows will be appended." + keyColumns: [String!] + + "Whether to match key columns case insensitively or not. Should only be set when `updateMode` is `Update`, in which case it is mandatory." + keyColumnsIgnoreCase: Boolean } -""" -Data for creating a VictorOps action. -""" +"Data for creating a VictorOps action." input CreateVictorOpsAction { -""" -Data for creating a VictorOps action. -""" - viewName: String! -""" -Data for creating a VictorOps action. -""" - name: String! -""" -Data for creating a VictorOps action. -""" - messageType: String! -""" -Data for creating a VictorOps action. -""" - notifyUrl: String! -""" -Data for creating a VictorOps action. -""" - useProxy: Boolean! + "Name of the view of the action." + viewName: String! + + "Name of the action." + name: String! + + "Type of the VictorOps message to make." + messageType: String! + + "VictorOps webhook url to send the request to." + notifyUrl: String! + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! + + "Labels to categorize the action." + labels: [String!] } input CreateViewPermissionsTokenInput { - name: String! - expireAt: Long - ipFilterId: String - viewIds: [String!]! - permissions: [Permission!]! + name: String! + expireAt: Long + ipFilterId: String + viewIds: [String!]! + permissions: [Permission!]! } input CreateViewPermissionsTokenV2Input { - name: String! - expireAt: Long - ipFilterId: String - viewIds: [String!]! - viewPermissions: [Permission!]! - assetPermissionAssignments: [ViewPermissionsTokenAssetPermissionAssignmentInput!] + name: String! + expireAt: Long + ipFilterId: String + viewIds: [String!]! + viewPermissions: [Permission!]! + assetPermissionAssignments: [ViewPermissionsTokenAssetPermissionAssignmentInput!] } -""" -The view permissions token and its associated metadata. -""" +"The view permissions token and its associated metadata." type CreateViewPermissionsTokenV2Output { -""" -The view permissions token. -Stability: Long-term -""" - token: String! -""" -Metadata about the token. -Stability: Long-term -""" - tokenMetadata: ViewPermissionsToken! + """ + The view permissions token. + Stability: Long-term + """ + token: String! @stability(level: LongTerm) + + """ + Metadata about the token. + Stability: Long-term + """ + tokenMetadata: ViewPermissionsToken! @stability(level: LongTerm) } -""" -Data for creating a webhook action. -""" +"Data for creating a webhook action." input CreateWebhookAction { -""" -Data for creating a webhook action. -""" - viewName: String! -""" -Data for creating a webhook action. -""" - name: String! -""" -Data for creating a webhook action. -""" - url: String! -""" -Data for creating a webhook action. -""" - method: String! -""" -Data for creating a webhook action. -""" - headers: [HttpHeaderEntryInput!]! -""" -Data for creating a webhook action. -""" - bodyTemplate: String! -""" -Data for creating a webhook action. -""" - ignoreSSL: Boolean! -""" -Data for creating a webhook action. -""" - useProxy: Boolean! -} + "Name of the view of the action." + viewName: String! -input CrossOrganizationViewConnectionInputModel { - repoName: String! - filter: String! - organizationId: String! -} + "Name of the action." + name: String! -input CustomLinkInteractionInput { - name: String! - titleTemplate: String - urlTemplate: String! - openInNewTab: Boolean! - urlEncodeArgs: Boolean - fieldInteractionConditions: [FieldInteractionConditionInput!] -} + "Url to send the http(s) request to." + url: String! -input DashboardLinkInteractionInput { - name: String! - titleTemplate: String - arguments: [ArgumentInput!]! - dashboardId: String - dashboardName: String - dashboardRepoOrViewName: RepoOrViewName - packageSpecifier: UnversionedPackageSpecifier - openInNewTab: Boolean! - useWidgetTimeWindow: Boolean! - fieldInteractionConditions: [FieldInteractionConditionInput!] -} + "Method to use for the request." + method: String! -""" -The frequency at which a dashboard updates its results. -""" -enum DashboardUpdateFrequency { - RealTime - Never -} + "Headers of the http(s) request." + headers: [HttpHeaderEntryInput!]! -input DashboardUpdateFrequencyInput { - updateFrequencyType: DashboardUpdateFrequency! -} + "Body of the http(s) request. Can be templated with values from the result." + bodyTemplate: String! -""" -Data for deleting an action. -""" -input DeleteAction { -""" -Data for deleting an action. -""" - viewName: String! -""" -Data for deleting an action. -""" - id: String! -} + "Flag indicating whether SSL should be ignored for the request." + ignoreSSL: Boolean! -""" -Data for deleting an aggregate alert. -""" -input DeleteAggregateAlert { -""" -Data for deleting an aggregate alert. -""" - viewName: RepoOrViewName! -""" -Data for deleting an aggregate alert. -""" - id: String! + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! + + "Labels to categorize the action." + labels: [String!] } -""" -Data for deleting an alert -""" -input DeleteAlert { -""" -Data for deleting an alert -""" - viewName: String! -""" -Data for deleting an alert -""" - id: String! +"Represents the connection between a view and an underlying repository in another organization." +type CrossOrgViewConnection { + """ + ID of the underlying repository + Stability: Short-term + """ + id: String! @stability(level: ShortTerm) + + """ + Name of the underlying repository + Stability: Short-term + """ + name: String! @stability(level: ShortTerm) + + """ + The filter applied to all results from the repository. + Stability: Short-term + """ + filter: String! @stability(level: ShortTerm) + + "Stability: Short-term" + languageVersion: LanguageVersion! @stability(level: ShortTerm) + + """ + ID of the organization containing the underlying repository + Stability: Short-term + """ + orgId: String! @stability(level: ShortTerm) } -""" -Data for deleting a cluster connection -""" -input DeleteClusterConnectionInput { -""" -Data for deleting a cluster connection -""" - multiClusterViewName: String! -""" -Data for deleting a cluster connection -""" - connectionId: String! +input CrossOrganizationViewConnectionInputModel { + repoName: String! + filter: String! + organizationId: String! } -input DeleteDashboardInput { - id: String! +"The status the local database of CrowdStrike IOCs" +type CrowdStrikeIocStatus { + "Stability: Long-term" + databaseTables: [IocTableInfo!]! @stability(level: LongTerm) } -""" -The data for deleting a dashboard -""" -input DeleteDashboardInputV2 { -""" -The data for deleting a dashboard -""" - viewId: String! -""" -The data for deleting a dashboard -""" - dashboardId: String! +type CurrentStats { + "Stability: Long-term" + ingest: Ingest! @stability(level: LongTerm) + + "Stability: Long-term" + storedData: StoredData! @stability(level: LongTerm) + + "Stability: Long-term" + scannedData: ScannedData! @stability(level: LongTerm) + + "Stability: Long-term" + users: UsersLimit! @stability(level: LongTerm) } -type DeleteDashboardMutation { -""" -Stability: Long-term -""" - dashboard: Dashboard! +"Query result for current usage" +union CurrentUsageQueryResult = QueryInProgress | CurrentStats + +type CustomLinkInteraction { + "Stability: Long-term" + urlTemplate: String! @stability(level: LongTerm) + + "Stability: Long-term" + openInNewTab: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + urlEncodeArgs: Boolean! @stability(level: LongTerm) } -""" -Data for deleting an event forwarder -""" +input CustomLinkInteractionInput { + name: String! + titleTemplate: String + urlTemplate: String! + openInNewTab: Boolean! + urlEncodeArgs: Boolean + fieldInteractionConditions: [FieldInteractionConditionInput!] +} + +"Represents information about a dashboard." +type Dashboard { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + description: String @stability(level: LongTerm) + + "Stability: Long-term" + labels: [String!]! @stability(level: LongTerm) + + "A YAML formatted string that describes the dashboard. It does not contain links or permissions, and is safe to share and use for making copies of a dashboard." + templateYaml: String! @deprecated(reason: "[DEPRECATED: Field has been renamed to yamlTemplate. Will be removed at the earliest in version 1.225]") + + """ + A YAML formatted string that describes the dashboard. It does not contain links or permissions, and is safe to share and use for making copies of a dashboard. + Stability: Long-term + """ + yamlTemplate: YAML! @stability(level: LongTerm) + + "Stability: Long-term" + displayName: String! @stability(level: LongTerm) + + "Stability: Long-term" + widgets: [Widget!]! @stability(level: LongTerm) + + "Stability: Long-term" + sections: [Section!]! @stability(level: LongTerm) + + "Stability: Long-term" + series: [SeriesConfig!]! @stability(level: LongTerm) + + "Stability: Short-term" + seriesColorPalette: String @stability(level: ShortTerm) + + "Stability: Long-term" + readOnlyTokens: [DashboardLink!]! @stability(level: LongTerm) + + "Stability: Long-term" + filters: [DashboardFilter!]! @stability(level: LongTerm) + + "Stability: Long-term" + parameters: [DashboardParameter!]! @stability(level: LongTerm) + + "Stability: Long-term" + updateFrequency: DashboardUpdateFrequencyType! @stability(level: LongTerm) + + "Stability: Long-term" + isStarred: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + defaultFilter: DashboardFilter @stability(level: LongTerm) + + "Stability: Long-term" + defaultSharedTimeStart: String! @stability(level: LongTerm) + + "Stability: Long-term" + defaultSharedTimeEnd: String! @stability(level: LongTerm) + + "Stability: Long-term" + timeJumpSizeInMs: Int @stability(level: LongTerm) + + "Stability: Long-term" + defaultSharedTimeEnabled: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + searchDomain: SearchDomain! @stability(level: LongTerm) + + "Stability: Long-term" + packageId: VersionedPackageSpecifier @stability(level: LongTerm) + + "Stability: Long-term" + package: PackageInstallation @stability(level: LongTerm) + + """ + Allowed asset actions + Stability: Short-term + """ + allowedActions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The resource identifier for this dashboard. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + Metadata related to the creation of the dashboard + Stability: Long-term + """ + createdInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Metadata related to the latest modification of the dashboard + Stability: Long-term + """ + modifiedInfo: AssetCommitMetadata @stability(level: LongTerm) +} + +"A dashboard" +type DashboardEntry { + "Stability: Long-term" + dashboard: Dashboard! @stability(level: LongTerm) + + "Stability: Preview" + view: SearchDomain! @stability(level: Preview) +} + +"A saved configuration for filtering dashboard widgets." +type DashboardFilter { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + prefixFilter: String! @stability(level: LongTerm) +} + +"A token that can be used to access the dashboard without logging in. Useful for e.g. wall mounted dashboards or public dashboards." +type DashboardLink { + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + token: String! @stability(level: LongTerm) + + "Stability: Long-term" + createdBy: String! @stability(level: LongTerm) + + """ + The ip filter for the dashboard link. + Stability: Long-term + """ + ipFilter: IPFilter @stability(level: LongTerm) + + """ + Ownership of the queries run by this shared dashboard + Stability: Long-term + """ + queryOwnership: QueryOwnership! @stability(level: LongTerm) +} + +type DashboardLinkInteraction { + "Stability: Long-term" + arguments: [DictionaryEntryType!]! @stability(level: LongTerm) + + "Stability: Long-term" + dashboardReference: DashboardLinkInteractionDashboardReference! @stability(level: LongTerm) + + "Stability: Long-term" + openInNewTab: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + useWidgetTimeWindow: Boolean! @stability(level: LongTerm) +} + +"A reference to a dashboard either by id or name" +type DashboardLinkInteractionDashboardReference { + "Stability: Long-term" + id: String @stability(level: LongTerm) + + "Stability: Long-term" + name: String @stability(level: LongTerm) + + "Stability: Long-term" + repoOrViewName: RepoOrViewName @stability(level: LongTerm) + + "Stability: Long-term" + packageSpecifier: UnversionedPackageSpecifier @stability(level: LongTerm) +} + +input DashboardLinkInteractionInput { + name: String! + titleTemplate: String + arguments: [ArgumentInput!]! + dashboardId: String + dashboardName: String + dashboardRepoOrViewName: RepoOrViewName + packageSpecifier: UnversionedPackageSpecifier + openInNewTab: Boolean! + useWidgetTimeWindow: Boolean! + fieldInteractionConditions: [FieldInteractionConditionInput!] +} + +"A page of dashboards." +type DashboardPage { + "Stability: Long-term" + pageInfo: PageType! @stability(level: LongTerm) + + "Stability: Long-term" + page: [Dashboard!]! @stability(level: LongTerm) +} + +"Represents a dashboard parameter." +interface DashboardParameter { + """ + The ID of the parameter. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + The label or 'name' displayed next to the input for the variable to make it more human-readable. + Stability: Long-term + """ + label: String! @stability(level: LongTerm) + + """ + The value assigned to the parameter on dashboard load, if no other value is specified. + Stability: Long-term + """ + defaultValueV2: String @stability(level: LongTerm) + + """ + A number that determines the order in which parameters are displayed on a dashboard. If null, the parameter is ordered after other parameters in alphanumerical order. + Stability: Long-term + """ + order: Int @stability(level: LongTerm) + + """ + A number that determines the width of a parameter. + Stability: Long-term + """ + width: Int @stability(level: LongTerm) +} + +type DashboardTemplate { + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + displayName: String! @stability(level: LongTerm) + + "Stability: Long-term" + yamlTemplate: String! @stability(level: LongTerm) + + "Stability: Long-term" + labels: [String!]! @stability(level: LongTerm) +} + +"The frequency at which a dashboard updates its results." +enum DashboardUpdateFrequency { + RealTime + Never +} + +input DashboardUpdateFrequencyInput { + updateFrequencyType: DashboardUpdateFrequency! +} + +"The frequency at which a dashboard fetches new results for widgets." +union DashboardUpdateFrequencyType = NeverDashboardUpdateFrequency | RealTimeDashboardUpdateFrequency + +"A datasource, e.g. file name or system sending data to LogScale." +type Datasource { + "Stability: Short-term" + name: String! @stability(level: ShortTerm) + + "Stability: Short-term" + oldestTimestamp: DateTime! @stability(level: ShortTerm) + + "Stability: Short-term" + newestTimestamp: DateTime! @stability(level: ShortTerm) + + "Stability: Short-term" + tags: [Tag!]! @stability(level: ShortTerm) + + """ + The size in Gigabytes of the data from this data source before compression. + Stability: Short-term + """ + sizeAtIngest: Float! @stability(level: ShortTerm) + + """ + This size in Gigabytes of the data from this data source currently on disk. + Stability: Short-term + """ + sizeOnDisk: Float! @stability(level: ShortTerm) + + """ + The size in Gigabytes of the data from this data source before compression, but only for the parts that are now part of a merged segment file. + Stability: Short-term + """ + sizeAtIngestOfMerged: Float! @stability(level: ShortTerm) + + """ + This size in Gigabytes of the data from this data source currently on disk, but only for the parts that are now part of a merged segment file. + Stability: Short-term + """ + sizeOnDiskOfMerged: Float! @stability(level: ShortTerm) +} + +"Date and time in the ISO-8601 instant format. Example: `2019-12-03T10:15:30.00Z`" +scalar DateTime + +"Data for deleting an action." +input DeleteAction { + "Name of the view of the action." + viewName: String! + + "Id of the action." + id: String! +} + +"Data for deleting an action." +input DeleteActionV2 { + "Name of the view of the action." + viewName: RepoOrViewName! + + "Id of the action." + id: String! +} + +"Data for deleting an aggregate alert." +input DeleteAggregateAlert { + "Name of the view of the aggregate alert." + viewName: RepoOrViewName! + + "Id of the aggregate alert." + id: String! +} + +"Data for deleting an alert" +input DeleteAlert { + "Name of the view of the legacy alert." + viewName: String! + + "Id of the legacy alert." + id: String! +} + +"Data for deleting an alert" +input DeleteAlertV2 { + "Name of the view of the legacy alert." + viewName: RepoOrViewName! + + "Id of the legacy alert." + id: String! +} + +"Data for deleting a cluster connection" +input DeleteClusterConnectionInput { + "Name or id of the multi-cluster view to delete the connection from" + multiClusterViewName: String! + + "Id of the connection to delete" + connectionId: String! +} + +"Data for deleting a dashboard." +input DeleteDashboard { + "Id of the dashboard." + id: String! + + "Name of the view containing the dashboard." + viewName: RepoOrViewName! +} + +input DeleteDashboardInput { + id: String! +} + +"The data for deleting a dashboard" +input DeleteDashboardInputV2 { + "The viewId containing the dashboard to delete" + viewId: String! + + "The dashboardId to delete" + dashboardId: String! +} + +type DeleteDashboardMutation { + "Stability: Long-term" + dashboard: Dashboard! @stability(level: LongTerm) +} + +"Data for deleting an event forwarder" input DeleteEventForwarderInput { -""" -Data for deleting an event forwarder -""" - id: String! + "Id of the event forwarder" + id: String! } -""" -Data for deleting an event forwarding rule -""" +"Data for deleting an event forwarding rule" input DeleteEventForwardingRule { -""" -Data for deleting an event forwarding rule -""" - repoName: String! -""" -Data for deleting an event forwarding rule -""" - id: String! + "The name of the repository that the event forwarding rule is for" + repoName: String! + + "The unique id for the event forwarding rule" + id: String! } -""" -Data for deleting an FDR feed -""" +"A deletion of a set of events." +type DeleteEvents { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + created: DateTime! @stability(level: LongTerm) + + "Stability: Long-term" + start: DateTime! @stability(level: LongTerm) + + "Stability: Long-term" + end: DateTime! @stability(level: LongTerm) + + "Stability: Long-term" + query: String! @stability(level: LongTerm) + + "Stability: Long-term" + createdByUser: String @stability(level: LongTerm) + + "Stability: Long-term" + languageVersion: LanguageVersion! @stability(level: LongTerm) +} + +"Data for deleting an FDR feed" input DeleteFdrFeed { -""" -Data for deleting an FDR feed -""" - repositoryName: String! -""" -Data for deleting an FDR feed -""" - id: String! + "Name of the repository of the FDR feed." + repositoryName: String! + + "Id of the FDR feed." + id: String! } input DeleteFieldAliasSchema { - schemaId: String! + schemaId: String! } -""" -Data for deleting a filter alert -""" +"Data for deleting a filter alert" input DeleteFilterAlert { -""" -Data for deleting a filter alert -""" - viewName: RepoOrViewName! -""" -Data for deleting a filter alert -""" - id: String! + "Name of the view of the filter alert." + viewName: RepoOrViewName! + + "Id of the filter alert." + id: String! } -""" -Data for deleting an ingest feed -""" +"Data for deleting an ingest feed" input DeleteIngestFeed { -""" -Data for deleting an ingest feed -""" - repositoryName: RepoOrViewName! -""" -Data for deleting an ingest feed -""" - id: String! + "Name of the repository of the ingest feed." + repositoryName: RepoOrViewName! + + "Id of the ingest feed." + id: String! } input DeleteInteractionInput { - path: String! - id: String! + path: String! + id: String! } input DeleteParserInput { - id: String! - repositoryName: RepoOrViewName! + id: String! + repositoryName: RepoOrViewName! +} + +"The input required to delete a remote table config." +input DeleteRemoteTableConfigInput { + "The name of the remote table config to delete." + connectionName: String! +} + +"Data for deleting a saved query." +input DeleteSavedQuery { + "ID of the saved query." + id: String! + + "View of the saved query." + viewName: RepoOrViewName! } input DeleteSavedQueryInput { - id: String! - viewName: String! + id: String! + viewName: String! } -""" -Data for deleting a scheduled report. -""" +"Data for deleting a scheduled report." input DeleteScheduledReportInput { -""" -Data for deleting a scheduled report. -""" - viewName: String! -""" -Data for deleting a scheduled report. -""" - id: String! + "Name of the view of the scheduled report." + viewName: String! + + "Id of the scheduled report." + id: String! } -""" -Data for deleting a scheduled search -""" +"Data for deleting a scheduled search" input DeleteScheduledSearch { -""" -Data for deleting a scheduled search -""" - viewName: String! -""" -Data for deleting a scheduled search -""" - id: String! + "Name of the view of the scheduled search." + viewName: String! + + "Id of the scheduled search." + id: String! +} + +"Data for deleting a scheduled search" +input DeleteScheduledSearchV2 { + "Name of the view of the scheduled search." + viewName: RepoOrViewName! + + "Id of the scheduled search." + id: String! } input DeleteSearchDomainByIdInput { - id: String! - deleteMessage: String + "The id of the search domain." + id: String! + + "Optional message to why the search domain was deleted. Will be added to the audit log." + deleteMessage: String } -""" -Data for disabling an aggregate alert. -""" +"Entry into a list of unordered key-value pairs with unique keys" +type DictionaryEntryType { + "Stability: Long-term" + key: String! @stability(level: LongTerm) + + "Stability: Long-term" + value: String! @stability(level: LongTerm) +} + +"Asset permissions that can be directly assigned to users or groups" +type DirectlyAssignedAssetPermissions { + """ + List of asset permissions + Stability: Short-term + """ + assetPermissions: [AssetPermission!]! @stability(level: ShortTerm) + + """ + Whether permissions were assigned due to asset creator status + Stability: Short-term + """ + assignedBecauseOfCreatorStatus: Boolean! @stability(level: ShortTerm) +} + +"Data for disabling an aggregate alert." input DisableAggregateAlert { -""" -Data for disabling an aggregate alert. -""" - viewName: RepoOrViewName! -""" -Data for disabling an aggregate alert. -""" - id: String! + "Name of the view of the aggregate alert." + viewName: RepoOrViewName! + + "Id of the aggregate alert." + id: String! } -""" -Data for disabling an alert -""" +"Data for disabling a legacy alert" input DisableAlert { -""" -Data for disabling an alert -""" - viewName: RepoOrViewName! -""" -Data for disabling an alert -""" - id: String! + "Name of the view of the legacy alert." + viewName: RepoOrViewName! + + "Id of the legacy alert." + id: String! } -""" -Data for disabling an event forwarder -""" +"Data for disabling an event forwarder" input DisableEventForwarderInput { -""" -Data for disabling an event forwarder -""" - id: String! + "Id of the event forwarder" + id: String! } input DisableFieldAliasSchemaOnOrgInput { - schemaId: String! + schemaId: String! } input DisableFieldAliasSchemaOnViewInput { - viewName: String! - schemaId: String! + viewName: String! + schemaId: String! } input DisableFieldAliasSchemaOnViewsInput { - schemaId: String! - viewNames: [String!]! + schemaId: String! + viewNames: [String!]! } -""" -Data for disabling a filter alert -""" +"Data for disabling a filter alert" input DisableFilterAlert { -""" -Data for disabling a filter alert -""" - viewName: RepoOrViewName! -""" -Data for disabling a filter alert -""" - id: String! + "Name of the view of the filter alert." + viewName: RepoOrViewName! + + "Id of the filter alert." + id: String! } -""" -Data for disabling access to IOCs (indicators of compromise) for an organization -""" +"Data for disabling access to IOCs (indicators of compromise) for an organization" input DisableOrganizationIocAccess { -""" -Data for disabling access to IOCs (indicators of compromise) for an organization -""" - organizationId: String! + "Id of organization" + organizationId: String! } -""" -Data for disabling a scheduled report. -""" +"Data for disabling a scheduled report." input DisableScheduledReportInput { -""" -Data for disabling a scheduled report. -""" - viewName: String! -""" -Data for disabling a scheduled report. -""" - id: String! + "Name of the view of the scheduled report." + viewName: String! + + "Id of the scheduled report." + id: String! } -""" -Data for disabling a scheduled search -""" +"Data for disabling a scheduled search" +input DisableScheduledSearch { + "Name of the view of the scheduled search." + viewName: RepoOrViewName! + + "Id of the scheduled search." + id: String! +} + +"Data for disabling a scheduled search" input DisableStarScheduledSearch { -""" -Data for disabling a scheduled search -""" - viewName: String! -""" -Data for disabling a scheduled search -""" - id: String! + "Name of the view of the scheduled search." + viewName: String! + + "Id of the scheduled search." + id: String! +} + +"A dynamic configuration." +enum DynamicConfig { + BlockSignup + DisableUserTracking + DisableAnalyticsJob + MaxAccessTokenTTL + RejectIngestOnParserExceedingFraction + QueryPartitionAutoBalance + QueryCoordinatorMaxHeapFraction + PruneCommunityLockedOrganizationsAfterHours + PruneMissingTOSAcceptanceOrganizationsAfterHours + DisableViewWithSameNameCleanup + MaxIngestRequestSize + JoinRowLimit + JoinDefaultLimit + SelfJoinLimit + StateRowLimit + AstDepthLimit + QueryMaxLength + AdHocTablesLimit + QueryMemoryLimit + LiveQueryMemoryLimit + QueryCoordinatorMemoryLimit + GroupDefaultLimit + GroupMaxLimit + RdnsDefaultLimit + RdnsMaxLimit + ReverseDnsDefaultLimit + ReverseDnsMaxLimit + ReverseDnsDefaultTimeoutInMs + ReverseDnsRequestsPerSecond + ReverseDnsConcurrentRequests + QueryResultRowCountLimit + AggregatorOutputRowLimit + ParserThrottlingAllocationFactor + UndersizedMergingRetentionPercentage + StaticQueryFractionOfCores + TargetMaxRateForDatasource + VerifySegmentInBucketCompletionIntervalDays + VerifySegmentInBucketHeadOnly + MaxRelocatedDatasourcesInGlobal + SampleIntervalForDatasourceRates + FdrMaxNodesPerFeed + BucketStorageWriteVersion + BucketStorageKeySchemeVersion + BucketStorageUploadInfrequentThresholdDays + MinimumHumioVersion + DebugAuditRequestTrace + FlushSegmentsAndGlobalOnShutdown + GracePeriodBeforeDeletingDeadEphemeralHostsMs + FdrS3FileSizeMax + ArchivingClusterWideStartFrom + ArchivingClusterWideEndAt + ArchivingClusterWideDisabled + ArchivingClusterWideRegexForRepoName + EnableDemoData + MaxNumberOfOrganizations + NumberOfDaysToRemoveStaleOrganizationsAfter + IsAutomaticUpdateCheckingAllowed + ExternalFunctionRequestResponseSizeLimitBytes + ExternalFunctionRequestResponseEventCountLimit + ReplaceANSIEscapeCodes + DisableInconsistencyDetectionJob + DeleteDuplicatedNameViewsAfterMerging + MaxConcurrentQueriesOnWorker + MaxQueryPollsForWorker + MaxOpenSegmentsOnWorker + IngestFeedAwsProcessingDownloadBufferSize + IngestFeedAwsProcessingEventBufferSize + IngestFeedAwsProcessingEventsPerBatch + IngestFeedAwsDownloadMaxObjectSize + IngestFeedGovernorGainPerCore + IngestFeedGovernorCycleDuration + IngestFeedGovernorIngestDelayLow + IngestFeedGovernorIngestDelayHigh + IngestFeedGovernorRateOverride + IngestFeedMaxConcurrentPolls + MaxCsvFileUploadSizeBytes + MaxJsonFileUploadSizeBytes + MatchFilesMaxHeapFraction + LookupTableSyncAwaitSeconds + GraphQLSelectionSizeLimit + UnauthenticatedGraphQLSelectionSizeLimit + FileReplicationFactor + QueryBacktrackingLimit + ParserBacktrackingLimit + GraphQLDirectiveCountLimit + GraphQLAliasCountLimit + GraphQLMaxErrorsCount + TableCacheMemoryAllowanceFraction + TableCacheMaxStorageFraction + TableCacheMaxStorageFractionForIngestAndHttpOnly + RetentionPreservationStartDt + RetentionPreservationEndDt + RetentionPreservationTag + DisableNewRegexEngine + EnableGlobalJsonStatsLogger + LiveAdhocTableUpdatePeriodMinimumMs + MinQueryPermitsFactor + CorrelateQueryLimit + CorrelateConstraintLimit + CorrelateConstellationTickLimit + CorrelateLinkValuesLimit + CorrelateLinkValuesMaxByteSize + CorrelateNumberOfTimeBuckets + CorrelateQueryEventLimit + MultiPassDefaultIterationLimit + MultiPassMaxIterationLimit + CorrelateMinIterations + GracefulShutdownConsideredAliveSeconds + GraphQLQueryAnalysisDisabled + ExternalAssetsCacheGeneralizationEnabled + QueryStateCacheEnabled + QueryStateCacheCompleteEnabled + TriggersFromLogScaleAssetResolutionServiceEnabled + LarsVerboseLoggingEnabled + LogScaleToHumioManagerAPICID + ExperimentalJsonParser + FalconEntityEnrichmentSyncCadence + FalconEntityEnrichmentViews + FalconEntityEnrichmentFileName + FalconHostsByIpAndNameEntityEnrichmentSyncCadence + FalconHostsByIpAndNameEntityEnrichmentViews + FalconHostsByIpAndNameEntityEnrichmentFileName + FalconUserIdentitySyncCadence + FalconUserIdentityViews + FalconUserIdentityFileName } input DynamicConfigInputObject { - config: DynamicConfig! - value: String! + config: DynamicConfig! + value: String! } -""" -An email action. -""" -type EmailAction implements Action{ -""" -List of email addresses to send an email to. -Stability: Long-term -""" - recipients: [String!]! -""" -Subject of the email. Can be templated with values from the result. -Stability: Long-term -""" - subjectTemplate: String -""" -Body of the email. Can be templated with values from the result. -Stability: Long-term -""" - bodyTemplate: String -""" -Defines whether the action should use the configured proxy to make web requests. -Stability: Long-term -""" - useProxy: Boolean! -""" -Whether the result set should be attached as a CSV file. -Stability: Long-term -""" - attachCsv: Boolean! -""" -The name of the action. -Stability: Long-term -""" - name: String! -""" -The display name of the action. -Stability: Long-term -""" - displayName: String! -""" -The id of the action. -Stability: Long-term -""" - id: String! -""" -A template that can be used to recreate the action. -Stability: Long-term -""" - yamlTemplate: YAML! -""" -Stability: Long-term -""" - packageId: VersionedPackageSpecifier -""" -The package, if any, which the action is part of. -Stability: Long-term -""" - package: PackageInstallation -""" -False if this type of action is disabled because of a security policy, true otherwise -Stability: Long-term -""" - isAllowedToRun: Boolean! -""" -True if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. -Stability: Long-term -""" - requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! -""" -Allowed asset actions -Stability: Preview -""" - allowedActions: [AssetAction!]! -""" -The resource identifier for this action. -Stability: Short-term -""" - resource: String! +"A key value pair of a dynamic config and the accompanying value." +type DynamicConfigKeyValueType { + """ + The dynamic config key. + Stability: Short-term + """ + dynamicConfigKey: DynamicConfig! @stability(level: ShortTerm) + + """ + The dynamic config value. + Stability: Short-term + """ + dynamicConfigValue: String! @stability(level: ShortTerm) } -""" -Data for enabling an aggregate alert. -""" +scalar Email + +"An email action." +type EmailAction implements Action { + """ + List of email addresses to send an email to. + Stability: Long-term + """ + recipients: [String!]! @stability(level: LongTerm) + + """ + Subject of the email. Can be templated with values from the result. + Stability: Long-term + """ + subjectTemplate: String @stability(level: LongTerm) + + """ + Body of the email. Can be templated with values from the result. + Stability: Long-term + """ + bodyTemplate: String @stability(level: LongTerm) + + """ + Defines whether the action should use the configured HTTP proxy to send requests. + Stability: Long-term + """ + useProxy: Boolean! @stability(level: LongTerm) + + """ + Whether the result set should be attached as a CSV file. + Stability: Long-term + """ + attachCsv: Boolean! @stability(level: LongTerm) + + """ + The name of the action. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + The display name of the action. + Stability: Long-term + """ + displayName: String! @stability(level: LongTerm) + + """ + The id of the action. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + A template that can be used to recreate the action. + Stability: Long-term + """ + yamlTemplate: YAML! @stability(level: LongTerm) + + "Stability: Long-term" + packageId: VersionedPackageSpecifier @stability(level: LongTerm) + + """ + The package, if any, which the action is part of. + Stability: Long-term + """ + package: PackageInstallation @stability(level: LongTerm) + + """ + False if this type of action is disabled because of a security policy, true otherwise + Stability: Long-term + """ + isAllowedToRun: Boolean! @stability(level: LongTerm) + + """ + True if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. + Stability: Long-term + """ + requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! @stability(level: LongTerm) + + """ + Allowed asset actions + Stability: Short-term + """ + allowedActions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The resource identifier for this action. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + Metadata related to the creation of the action + Stability: Long-term + """ + createdInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Metadata related to the latest modification of the action + Stability: Long-term + """ + modifiedInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Labels to categorize the action. + Stability: Preview + """ + labels: [String!] @stability(level: Preview) +} + +"Data for enabling an aggregate alert." input EnableAggregateAlert { -""" -Data for enabling an aggregate alert. -""" - viewName: RepoOrViewName! -""" -Data for enabling an aggregate alert. -""" - id: String! + "Name of the view of the aggregate alert." + viewName: RepoOrViewName! + + "Id of the aggregate alert." + id: String! } -""" -Data for enabling an alert -""" +"Data for enabling a legacy alert" input EnableAlert { -""" -Data for enabling an alert -""" - viewName: RepoOrViewName! -""" -Data for enabling an alert -""" - id: String! + "Name of the view of the legacy alert." + viewName: RepoOrViewName! + + "Id of the legacy alert." + id: String! } -""" -Data for enabling an event forwarder -""" +"Data for enabling an event forwarder" input EnableEventForwarderInput { -""" -Data for enabling an event forwarder -""" - id: String! + "Id of the event forwarder" + id: String! } input EnableFieldAliasSchemaOnOrgInput { - schemaId: String! + schemaId: String! } input EnableFieldAliasSchemaOnViewsInput { - viewNames: [String!]! - schemaId: String! + viewNames: [String!]! + schemaId: String! } -""" -Data for enabling a filter alert -""" +"Data for enabling a filter alert" input EnableFilterAlert { -""" -Data for enabling a filter alert -""" - viewName: RepoOrViewName! -""" -Data for enabling a filter alert -""" - id: String! + "Name of the view of the filter alert." + viewName: RepoOrViewName! + + "Id of the filter alert." + id: String! } -""" -Data for enabling access to IOCs (indicators of compromise) for an organization -""" +"Data for enabling access to IOCs (indicators of compromise) for an organization" input EnableOrganizationIocAccess { -""" -Data for enabling access to IOCs (indicators of compromise) for an organization -""" - organizationId: String! + "Id of organization" + organizationId: String! } -""" -Data for enabling a scheduled report. -""" +"Data for enabling a scheduled report." input EnableScheduledReportInput { -""" -Data for enabling a scheduled report. -""" - viewName: String! -""" -Data for enabling a scheduled report. -""" - id: String! + "Name of the view of the scheduled report." + viewName: String! + + "Id of the scheduled report." + id: String! } -""" -Data for enabling a scheduled search -""" +"Data for enabling a scheduled search" +input EnableScheduledSearch { + "Name of the view of the scheduled search." + viewName: RepoOrViewName! + + "Id of the scheduled search." + id: String! +} + +"Data for enabling a scheduled search" input EnableStarScheduledSearch { -""" -Data for enabling a scheduled search -""" - viewName: String! -""" -Data for enabling a scheduled search -""" - id: String! + "Name of the view of the scheduled search." + viewName: String! + + "Id of the scheduled search." + id: String! } input EnableWorkerQueryTracingInputType { - quotaKey: String! - expiry: DateTime! + "The quota key to enable tracing for. All queries belonging to this quota key will be traced." + quotaKey: String! + + "The end timestamp for tracing. Tracing for this quota key will be disabled automatically once this time is reached. Will be clamped to be at most 15 minutes in the future." + expiry: DateTime! } -""" -Enable or disable language restrictions -""" +"Scope of feature flag enablement" +enum EnabledInScope { + GlobalScope + OrganizationScope + UserScope + Disabled +} + +"Enable or disable language restrictions" input EnabledInput { -""" -Enable or disable language restrictions -""" - version: LanguageVersionEnum! -""" -Enable or disable language restrictions -""" - enabled: Boolean! + version: LanguageVersionEnum! + enabled: Boolean! } input EnforceSubdomainsInput { - enforce: Boolean! + enforce: Boolean! } -""" -Information about an enrolled collector -""" +"Information about an enrolled collector" type EnrolledCollector { -""" -Stability: Short-term -""" - id: String! -""" -Stability: Short-term -""" - configId: String -""" -Stability: Short-term -""" - machineId: String! -} + "Stability: Short-term" + id: String! @stability(level: ShortTerm) -""" -Enterprise only authentication. -""" -type EnterpriseOnlyAuthentication implements AuthenticationMethod{ -""" -Stability: Long-term -""" - name: String! -} + "Stability: Short-term" + configId: String @stability(level: ShortTerm) -""" -A single field in an event with a name and a value -""" -type EventField { -""" -The name of the field -Stability: Long-term -""" - fieldName: String! -""" -The value of the field -Stability: Long-term -""" - value: String! + "Stability: Short-term" + machineId: String! @stability(level: ShortTerm) } -""" -A single field in an event with a key and a value -""" -type Field { -""" -The key of the field -Stability: Long-term -""" - key: String! -""" -The value of the field -Stability: Long-term -""" - value: String! +"Enterprise only authentication." +type EnterpriseOnlyAuthentication implements AuthenticationMethod { + "Stability: Long-term" + name: String! @stability(level: LongTerm) } -input FieldConfigurationInput { - viewId: String! - fieldName: String! - json: JSON! +input EntitiesLabelsInputType { + entityTypes: [EntitySearchEntityType!]! + paths: [String!] } -""" -Assertion results can be uniquely identified by the output event index and the field name they operate on. So if the same field on the same event has multiple assertions attached, this failure is produced. -""" -type FieldHadConflictingAssertions { -""" -Field being asserted on. -Stability: Long-term -""" - fieldName: String! +input EntitiesPackagesInputType { + entityTypes: [EntitySearchEntityType!]! + paths: [String!] } -""" -An assertion was made that a field had some value, and this assertion failed due to an unexpected value for the field. -""" -type FieldHadUnexpectedValue { -""" -Field being asserted on. -Stability: Long-term -""" - fieldName: String! -""" -Value that was asserted to be contained in the field. -Stability: Long-term -""" - expectedValue: String! -""" -The actual value of the field. Note that this is null in the case where the field wasn't present at all. -Stability: Long-term -""" - actualValue: String +enum EntitiesPageDirection { + Next + Previous + RefreshCurrentFromFirstCursor + RefreshCurrentFromLastCursor } -""" -Asserts that a given field has an expected value after having been parsed. -""" -input FieldHasValueInput { -""" -Asserts that a given field has an expected value after having been parsed. -""" - fieldName: String! -""" -Asserts that a given field has an expected value after having been parsed. -""" - expectedValue: String! +input EntitiesPageInputType { + cursor: String! + direction: EntitiesPageDirection! +} + +enum EntityFieldType { + ActionInstalledAsPartOf + ActionLabels + ActionType + CanChange + CanDelete + CreatedInfoAuthor + CreatedInfoTimestamp + DashboardDisplayName + DashboardIsStarred + DashboardLabels + DashboardSearchDomainName + Description + FileCreatedAt + FileLabels + FileNameAndPath + FilePackageId + FilePath + FileSizeBytes + FileUploadedDate + InteractionConditions + InteractionTitleTemplate + InteractionTypeInfo + ModifiedInfoAuthor + ModifiedInfoTimestamp + Name + PackageId + PackageName + PackageScope + ParserFieldsToBeRemovedBeforeParsing + ParserInstalledAsPartOf + ParserIsBuiltIn + ParserIsOverridden + ParserOrigin + ParserOverridesBuiltInParser + ParserScript + ParserTagFields + ParserTestCases + SavedQueryIsStarred + SavedQueryLabels + ScheduledReportDashboardName + ScheduledReportLabels + ScheduledReportStatus + TimeOfLastExecution + TimeOfNextPlannedExecution + Type + UnversionedPackageId + View } -input FieldInteractionConditionInput { - fieldName: String! - operator: FieldConditionOperatorType! - argument: String! +enum EntitySearchEntityType { + Action + Dashboard + File + Interaction + Parser + SavedQuery + ScheduledReport } -""" -An assertion was made that a field should not be present, and this assertion failed. -""" -type FieldUnexpectedlyPresent { -""" -Field being asserted on. -Stability: Long-term -""" - fieldName: String! -""" -The value that the field contained. -Stability: Long-term -""" - actualValue: String! +input EntitySearchInputType { + searchTerm: String = "" + pageSize: Int = 100 + paths: [String!] + sortBy: [EntitySearchSortInfoType!] + entityTypes: [EntitySearchEntityType!]! + fieldFilters: [FieldFilterInput!] } -""" -A dashboard parameter where suggestions are taken from uploaded files. -""" -type FileDashboardParameter implements DashboardParameter{ -""" -The name of the file to perform lookups in. -Stability: Long-term -""" - fileName: String! -""" -The column where the value of suggestions are taken from, -Stability: Long-term -""" - valueColumn: String! -""" -The column where the label of suggestions are taken from, -Stability: Long-term -""" - labelColumn: String -""" -Fields and values, where an entry in a file must match one of the given values for each field. -Stability: Long-term -""" - valueFilters: [FileParameterValueFilter!]! -""" -Regex patterns used to block parameter input. -Stability: Long-term -""" - invalidInputPatterns: [String!] -""" -Message when parameter input is blocked. -Stability: Long-term -""" - invalidInputMessage: String -""" -The ID of the parameter. -Stability: Long-term -""" - id: String! -""" -The label or 'name' displayed next to the input for the variable to make it more human-readable. -Stability: Long-term -""" - label: String! -""" -The value assigned to the parameter on dashboard load, if no other value is specified. -Stability: Long-term -""" - defaultValueV2: String -""" -A number that determines the order in which parameters are displayed on a dashboard. If null, the parameter is ordered after other parameters in alphanumerical order. -Stability: Long-term -""" - order: Int -""" -A number that determines the width of a parameter. -Stability: Long-term -""" - width: Int -} +union EntitySearchResultEntity = ViewInteractionEntry | FileEntry | DashboardEntry | SavedQueryEntry | ActionEntry | ParserEntry | ScheduledReportEntry -""" -A filter to reduce entries from files down to those with a matching value in the field. -""" -type FileParameterValueFilter { -""" -Stability: Long-term -""" - field: String! -""" -Stability: Long-term -""" - values: [String!]! +input EntitySearchSortInfoType { + name: EntityFieldType! + order: EntitySearchSortOrderType! } -input FilterInput { - id: String! - name: String! - prefix: String! +enum EntitySearchSortOrderType { + Ascending + Descending } -""" -A dashboard parameter with a fixed list of values to select from. -""" -type FixedListDashboardParameter implements DashboardParameter{ -""" -Stability: Long-term -""" - values: [FixedListParameterOption!]! -""" -The ID of the parameter. -Stability: Long-term -""" - id: String! -""" -The label or 'name' displayed next to the input for the variable to make it more human-readable. -Stability: Long-term -""" - label: String! -""" -The value assigned to the parameter on dashboard load, if no other value is specified. -Stability: Long-term -""" - defaultValueV2: String -""" -A number that determines the order in which parameters are displayed on a dashboard. If null, the parameter is ordered after other parameters in alphanumerical order. -Stability: Long-term -""" - order: Int -""" -A number that determines the width of a parameter. -Stability: Long-term -""" - width: Int +enum EnvironmentType { + ON_PREM + ON_CLOUD + ON_COMMUNITY } -""" -An option in a fixed list parameter. -""" -type FixedListParameterOption { -""" -Stability: Long-term -""" - label: String! -""" -Stability: Long-term -""" - value: String! -} +"Usage information" +type EnvironmentVariableUsage { + """ + The source for this environment variable. "Environment": the value is from the environment, "Default": variable not found in the environment, but a default value is used, "Missing": no variable or default found + Stability: Short-term + """ + source: String! @stability(level: ShortTerm) + + """ + Value for this variable + Stability: Short-term + """ + value: String! @stability(level: ShortTerm) + + """ + Environment variable name + Stability: Short-term + """ + name: String! @stability(level: ShortTerm) +} + +"A single field in an event with a name and a value" +type EventField { + """ + The name of the field + Stability: Long-term + """ + fieldName: String! @stability(level: LongTerm) -type FleetConfigurationTest { -""" -Stability: Short-term -""" - collectorIds: [String!]! -""" -Stability: Short-term -""" - configId: String! + """ + The value of the field + Stability: Long-term + """ + value: String! @stability(level: LongTerm) } -""" -A dashboard parameter without restrictions or suggestions. -""" -type FreeTextDashboardParameter implements DashboardParameter{ -""" -Regex patterns used to block parameter input. -Stability: Long-term -""" - invalidInputPatterns: [String!] -""" -Message when parameter input is blocked. -Stability: Long-term -""" - invalidInputMessage: String -""" -The ID of the parameter. -Stability: Long-term -""" - id: String! -""" -The label or 'name' displayed next to the input for the variable to make it more human-readable. -Stability: Long-term -""" - label: String! -""" -The value assigned to the parameter on dashboard load, if no other value is specified. -Stability: Long-term -""" - defaultValueV2: String -""" -A number that determines the order in which parameters are displayed on a dashboard. If null, the parameter is ordered after other parameters in alphanumerical order. -Stability: Long-term -""" - order: Int -""" -A number that determines the width of a parameter. -Stability: Long-term -""" - width: Int +"An event forwarder" +interface EventForwarder { + """ + Id of the event forwarder + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + Name of the event forwarder + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + Description of the event forwarder + Stability: Long-term + """ + description: String! @stability(level: LongTerm) + + """ + Is the event forwarder enabled + Stability: Long-term + """ + enabled: Boolean! @stability(level: LongTerm) +} + +"An event forwarder" +type EventForwarderForSelection { + """ + Id of the event forwarder + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + Name of the event forwarder + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + Description of the event forwarder + Stability: Long-term + """ + description: String! @stability(level: LongTerm) + + """ + Is the event forwarder enabled + Stability: Long-term + """ + enabled: Boolean! @stability(level: LongTerm) + + """ + The kind of event forwarder + Stability: Long-term + """ + kind: EventForwarderKind! @stability(level: LongTerm) +} + +"The kind of an event forwarder" +enum EventForwarderKind { + Kafka } -""" -Input list of function names -""" -input FunctionListInput { -""" -Input list of function names -""" - version: LanguageVersionEnum! -""" -Input list of function names -""" - functions: [String!]! -} +"An event forwarding rule" +type EventForwardingRule { + """ + The unique id for the event forwarding rule + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + The query string for filtering and mapping the events to forward + Stability: Long-term + """ + queryString: String! @stability(level: LongTerm) + + """ + The id of the event forwarder + Stability: Long-term + """ + eventForwarderId: String! @stability(level: LongTerm) + + """ + The unix timestamp that the event forwarder was created at + Stability: Long-term + """ + createdAt: Long @stability(level: LongTerm) + + "Stability: Long-term" + languageVersion: LanguageVersion! @stability(level: LongTerm) +} + +"Fields that helps describe the status of eviction" +type EvictionStatus { + "Stability: Long-term" + currentlyUnderReplicatedBytes: Long! @stability(level: LongTerm) -""" -The organization management roles of the group. -""" -type GroupOrganizationManagementRole { -""" -Stability: Long-term -""" - role: Role! -} + "Stability: Long-term" + totalSegmentBytes: Long! @stability(level: LongTerm) -input GroupRoleAssignment { - groupId: String! - roleId: String! -} + "Stability: Long-term" + isDigester: Boolean! @stability(level: LongTerm) -""" -A http request header. -""" -type HttpHeaderEntry { -""" -Key of a http(s) header. -Stability: Long-term -""" - header: String! -""" -Value of a http(s) header. -Stability: Long-term -""" - value: String! + "Stability: Long-term" + bytesThatExistOnlyOnThisNode: Float! @stability(level: LongTerm) } -""" -Http(s) Header entry. -""" -input HttpHeaderEntryInput { -""" -Http(s) Header entry. -""" - header: String! -""" -Http(s) Header entry. -""" - value: String! +"The specification of an external function." +type ExternalFunctionSpecificationOutput { + """ + The name of the external function. + Stability: Preview + """ + name: String! @stability(level: Preview) + + """ + The URL for the external function. + Stability: Preview + """ + procedureURL: String! @stability(level: Preview) + + """ + The parameter specifications for the external function. + Stability: Preview + """ + parameters: [ParameterSpecificationOutput!]! @stability(level: Preview) + + """ + The description for the external function. + Stability: Preview + """ + description: String! @stability(level: Preview) + + """ + The kind of external function. This defines how the external function is executed. + Stability: Preview + """ + kind: KindOutput! @stability(level: Preview) +} + +"Information about an FDR feed." +type FdrFeed { + """ + Id of the FDR feed. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + Name of the FDR feed. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + Description of the FDR feed. + Stability: Long-term + """ + description: String @stability(level: LongTerm) + + """ + The id of the parser that is used to parse the FDR data. + Stability: Long-term + """ + parserId: String! @stability(level: LongTerm) + + """ + AWS client id of the FDR feed. + Stability: Long-term + """ + clientId: String! @stability(level: LongTerm) + + """ + AWS SQS queue url of the FDR feed. + Stability: Long-term + """ + sqsUrl: String! @stability(level: LongTerm) + + """ + AWS S3 Identifier of the FDR feed. + Stability: Long-term + """ + s3Identifier: String! @stability(level: LongTerm) + + """ + Is ingest from the FDR feed enabled? + Stability: Long-term + """ + enabled: Boolean! @stability(level: LongTerm) +} + +"Administrator control for an FDR feed" +type FdrFeedControl { + """ + Id of the FDR feed. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + Maximum number of nodes to poll FDR feed with + Stability: Long-term + """ + maxNodes: Int @stability(level: LongTerm) + + """ + Maximum amount of files downloaded from s3 in parallel for a single node. + Stability: Long-term + """ + fileDownloadParallelism: Int @stability(level: LongTerm) } -""" -A LogScale repository action. -""" -type HumioRepoAction implements Action{ -""" -Humio ingest token for the dataspace that the action should ingest into. -Stability: Long-term -""" - ingestToken: String! -""" -The name of the action. -Stability: Long-term -""" - name: String! -""" -The display name of the action. -Stability: Long-term -""" - displayName: String! -""" -The id of the action. -Stability: Long-term -""" - id: String! -""" -A template that can be used to recreate the action. -Stability: Long-term -""" - yamlTemplate: YAML! -""" -Stability: Long-term -""" - packageId: VersionedPackageSpecifier -""" -The package, if any, which the action is part of. -Stability: Long-term -""" - package: PackageInstallation -""" -False if this type of action is disabled because of a security policy, true otherwise -Stability: Long-term -""" - isAllowedToRun: Boolean! -""" -True if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. -Stability: Long-term -""" - requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! -""" -Allowed asset actions -Stability: Preview -""" - allowedActions: [AssetAction!]! -""" -The resource identifier for this action. -Stability: Short-term -""" - resource: String! +enum FeatureAnnouncement { + FetchMoreOnFieldsPanel + FieldInteractions + FilterMatchHighlighting + FleetRemoteUpdatesAndGroups + Interactions + OrganizationOwnedQueries + PuffinRebranding + ToolPanel + TriggerOverview + TriggerSearchPage +} + +"Represents a feature flag." +enum FeatureFlag { + """ + Export data to bucket storage. + Stability: Preview + """ + ExportToBucket @stability(level: Preview) + + """ + Enable repeating queries. Can be used instead of live queries for functions having limitations around live queries. + Stability: Preview + """ + RepeatingQueries @stability(level: Preview) + + """ + Use new organization limits. + Stability: Preview + """ + NewOrganizationLimits @stability(level: Preview) + + """ + Enable ArrayFunctions in query language. + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + ArrayFunctions @stability(level: Preview) + + """ + Enable query profiling functions in the query language. + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + QueryProfiler @stability(level: Preview) + + """ + Enable geography functions in query language. + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + GeographyFunctions @stability(level: Preview) + + """ + Prioritize newer over older segments. + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + CachePolicies @stability(level: Preview) + + """ + Enable searching across LogScale clusters. + Stability: Preview + """ + MultiClusterSearch @stability(level: Preview) + + """ + Enable subdomains for current cluster. + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + SubdomainForOrganizations @stability(level: Preview) + + """ + Enable Humio Managed repositories. The customer is not permitted to change certain configurations in a LogScale Managed repository. + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + ManagedRepositories @stability(level: Preview) + + """ + Allow users to configure FDR feeds for managed repositories + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + ManagedRepositoriesAllowFDRConfig @stability(level: Preview) + + """ + The UsagePage shows data from ingestAfterFieldRemovalSize instead of segmentWriteBytes + Stability: Preview + """ + UsagePageUsingIngestAfterFieldRemovalSize @stability(level: Preview) + + """ + Enable falcon data connector + Stability: Preview + """ + FalconDataConnector @stability(level: Preview) + + """ + Flag for testing, does nothing + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + SleepFunction @stability(level: Preview) + + """ + Enable login bridge + Stability: Preview + """ + LoginBridge @stability(level: Preview) + + """ + Enables download of macos installer for logcollector through fleet management + Stability: Preview + """ + MacosInstallerForLogCollector @stability(level: Preview) + + """ + Enables ephemeral hosts support for fleet management + Stability: Preview + """ + FleetEphemeralHosts @stability(level: Preview) + + """ + Enables fleet management collector metrics + Stability: Preview + """ + FleetCollectorMetrics @stability(level: Preview) + + """ + Force a refresh of ClusterManagementStats cache before calculating UnregisterNodeBlockers in clusterUnregisterNode mutation + Stability: Preview + """ + RefreshClusterManagementStatsInUnregisterNode @stability(level: Preview) + + """ + Use a new segment file format on write - not readable by older versions + Stability: Preview + """ + WriteNewSegmentFileFormat @stability(level: Preview) + + """ + Enables fleet management collector debug logging + Stability: Preview + """ + FleetCollectorDebugLogging @stability(level: Preview) + + """ + Enables LogScale Collector remote updates + Stability: Preview + """ + FleetRemoteUpdates @stability(level: Preview) + + """ + Enables labels for fleet management + Stability: Preview + """ + FleetLabels @stability(level: Preview) + + """ + Enables dashboards on fleet overview page + Stability: Preview + """ + FleetOverviewDashboards @stability(level: Preview) + + """ + Enables fleet management dashboards page + Stability: Preview + """ + FleetDashboardsPage @stability(level: Preview) + + """ + Enables TablePage UI on fleet management pages. + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + FleetTablePageUI @stability(level: Preview) + + """ + Enables migration of fleet metrics + Stability: Preview + """ + FleetMetricsMigration @stability(level: Preview) + + """ + Enables cache for LC-update + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + EnableLcUpdateCache @stability(level: Preview) + + """ + Use collector ID instead of machine ID + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + SwitchToCollectorIdOverMachineId @stability(level: Preview) + + """ + Enables a locking mechanism to prevent segment races + Stability: Preview + """ + LockingMechanismForSegmentRaces @stability(level: Preview) + + """ + Will add an additional header value to kafka messages containing derived tags + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + AddDerivedTagsToKafkaHeaders @stability(level: Preview) + + """ + Do not fetch segments upon digest startup + Stability: Preview + """ + ZeroFetchDigest @stability(level: Preview) + + """ + Use CrowdStrike Query Language Editor (CodeMirror 6) instead of Monaco for query editor + Stability: Preview + """ + CrowdStrikeQueryLanguageEditor @stability(level: Preview) + + """ + Enables complete state caching + Stability: Preview + """ + EnableCompleteStateCache @stability(level: Preview) + + """ + Enable periodically snapshotting state of live queries on workers + Stability: Preview + """ + PeriodicallySnapshotHistoricState @stability(level: Preview) + + """ + External Functions + THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + Stability: Preview + """ + ExternalFunctions @stability(level: Preview) + + """ + Enable the LogScale Query Assistant + THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + Stability: Preview + """ + QueryAssistant @stability(level: Preview) + + """ + Enable Flight Control support in cluster + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + FlightControl @stability(level: Preview) + + """ + Adds a derived #repo.cid tag when searching in views or dataspaces within an organization with an associated CID + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + DerivedCidTag @stability(level: Preview) + + """ + Enables graph queries + Stability: Preview + """ + GraphQueries @stability(level: Preview) + + """ + Enables aggregations for correlate + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + CorrelateAggregations @stability(level: Preview) + + """ + Enables the MITRE Detection Annotation function + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + MitreDetectionAnnotation @stability(level: Preview) + + """ + Enables having multiple role bindings for a single view in the same group. This feature can only be enabled when min version is at least 1.150.0 + Stability: Preview + """ + MultipleViewRoleBindings @stability(level: Preview) + + """ + When enabled, queries exceeding the AggregatorOutputRowLimit will get cancelled. When disabled, queries will continue to run, but a log is produced whenever the limit is exceeded. + Stability: Preview + """ + CancelQueriesExceedingAggregateOutputRowLimit @stability(level: Preview) + + """ + Enables mapping one group to more than one LogScale group with the same lookup name during group synchronization. + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + OneToManyGroupSynchronization @stability(level: Preview) + + """ + Enables LLM parser generation + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + LlmParserGeneration @stability(level: Preview) + + """ + Enables enriched parsers and handling enrichment headers in the HEC endpointThis flag has higher precedence than TestOnlyForceEnableXEnrichment flags + THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + Stability: Preview + """ + EnrichedParsers @stability(level: Preview) + + """ + TO BE USED IN TEST ENVIRONMENTS ONLY: Enables HostEnrichment for all requests to the HEC Ingest endpoint,regardless of whether it was included in requested enrichmentsThis flag has lower precedence than EnrichedParsers flag + THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + Stability: Preview + """ + TestOnlyForceEnableHostEnrichment @stability(level: Preview) + + """ + TO BE USED IN TEST ENVIRONMENTS ONLY: Enables MitreEnrichment for all requests to the HEC Ingest endpoint,regardless of whether it was included in requested enrichmentsThis flag has lower precedence than EnrichedParsers flag + THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + Stability: Preview + """ + TestOnlyForceEnableMitreEnrichment @stability(level: Preview) + + """ + TO BE USED IN TEST ENVIRONMENTS ONLY: Enables UserEnrichment for all requests to the HEC Ingest endpoint,regardless of whether it was included in requested enrichmentsThis flag has lower precedence than EnrichedParsers flag + THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + Stability: Preview + """ + TestOnlyForceEnableUserEnrichment @stability(level: Preview) + + """ + Enables the external data source sync job to sync entity data + THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + Stability: Preview + """ + ExternalDataSourceSyncForEntity @stability(level: Preview) + + """ + Enables the external data source sync job to sync identity data + THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + Stability: Preview + """ + ExternalDataSourceSyncForIdentity @stability(level: Preview) + + """ + Enables the external data source sync job to sync ip and hostname entity data + THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + Stability: Preview + """ + ExternalDataSourceSyncHostsByIpAndName @stability(level: Preview) + + """ + Use the new sort, head, tail, and table datastructure + Stability: Preview + """ + SortNewDatastructure @stability(level: Preview) + + """ + Enable the new Bale format lookup file infrastructure + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + EnableBaleLookupFileInfrastructure @stability(level: Preview) + + """ + Disable the old CSV/JSON format lookup file infrastructure + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + DisableCsvJsonLookupFileInfrastructure @stability(level: Preview) + + """ + Enables integration with LogScale Assets Resolution Service (LARS) + THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + Stability: Preview + """ + LogScaleAssetsResolutionService @stability(level: Preview) + + """ + Apply permission assignments from user info claim. + Stability: Preview + """ + PermissionsClaimFromUserInfo @stability(level: Preview) + + """ + Always log which groups are in group claim when authenticating. + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + GroupClaimLogging @stability(level: Preview) + + """ + Attaches a header to Ingest Queue records to indicate that the message can be forwarded by Kafka Egress Service + THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + Stability: Preview + """ + KafkaEgressEventForwardingEnabled @stability(level: Preview) + + """ + Skips LogScale event forwarding for records that will instead be forwarded by Kafka Egress Service + THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + Stability: Preview + """ + LogScaleEventForwardingDisabled @stability(level: Preview) + + """ + Applies access scope from from JWT claim + Stability: Preview + """ + JWTAccessScope @stability(level: Preview) + + """ + Allows LogScale to fetch lookup tables from a remote source + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + RemoteTable @stability(level: Preview) + + """ + Enables enhanced schema validation for parsers. Enabling this may produce additional validation errors that were not previously observed + Stability: Preview + """ + EnhancedSchemaValidation @stability(level: Preview) + + """ + Uses calculated, in-memory owner hosts for segments instead of storing this information in Global + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + UseInMemorySegmentOwnerHosts @stability(level: Preview) + + """ + Enables Bulk Actions feature for Asset Management Pages + Stability: Preview + """ + BulkActions @stability(level: Preview) + + """ + Adds the #repo.cid tag, if it exists, as a kafka header when events are forwarded. This requires the DerivedCidTag to be enabled too. + THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + Stability: Preview + """ + CidHeaderInEventForwarderRecord @stability(level: Preview) + + """ + Allow for falcon analysts to generate query explanations + THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. + Stability: Preview + """ + GenerateQueryExplanations @stability(level: Preview) + + """ + Keeps hash files for a segment instead of deleting them, so it can be reused for queries + Stability: Preview + """ + KeepSegmentHashFiles @stability(level: Preview) + + """ + Layout and design changes for the Search view component + THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. + Stability: Preview + """ + SearchViewDesignChanges @stability(level: Preview) + + """ + Switch to new queuing code for file transfers + Stability: Preview + """ + NewFileTransferQueuing @stability(level: Preview) +} + +"Feature flags with details" +type FeatureFlagV2 { + "Stability: Preview" + flag: FeatureFlag! @stability(level: Preview) + + "Stability: Preview" + description: String! @stability(level: Preview) + + "Stability: Preview" + experimental: Boolean! @stability(level: Preview) } -input IPFilterIdInput { - id: String! +type FieldAliasSchema { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + fields: [SchemaField!]! @stability(level: LongTerm) + + "Stability: Long-term" + instances: [AliasMapping!]! @stability(level: LongTerm) + + "Stability: Long-term" + version: String! @stability(level: LongTerm) + + "Stability: Long-term" + yamlTemplate: YAML! @stability(level: LongTerm) } -input IPFilterInput { - name: String! - ipFilter: String! +type FieldAliasSchemasInfo { + "Stability: Long-term" + schemas: [FieldAliasSchema!]! @stability(level: LongTerm) + + "Stability: Long-term" + activeSchemaOnOrg: String @stability(level: LongTerm) + + "Stability: Long-term" + activeSchemasOnViews: [ActiveSchemaOnView!]! @stability(level: LongTerm) } -input IPFilterUpdateInput { - id: String! - name: String - ipFilter: String +"Field condition comparison operator type" +enum FieldConditionOperatorType { + Equal + NotEqual + Contains + NotContains + StartsWith + EndsWith + Present + NotPresent + Unknown +} + +"Presentation preferences used when a field is added to table and event list widgets in the UI." +type FieldConfiguration { + """ + The field the configuration is associated with. + Stability: Long-term + """ + fieldName: String! @stability(level: LongTerm) + + """ + A JSON object containing the column properties applied to the column when it is added to a widget. + Stability: Long-term + """ + config: JSON! @stability(level: LongTerm) } -type Ignored implements contractual{ -""" +input FieldConfigurationInput { + viewId: String! + fieldName: String! + json: JSON! +} -Stability: Long-term -""" - includeUsage: Boolean! +input FieldFilterInput { + field: EntityFieldType! + filter: String! + operator: FieldFilterOperator } -""" -How to authenticate to AWS. -""" -input IngestFeedAwsAuthenticationInput { -""" -How to authenticate to AWS. -""" - kind: IngestFeedAwsAuthenticationKind! -""" -How to authenticate to AWS. -""" - roleArn: String +enum FieldFilterOperator { + Equal + GreaterThan + LessThan + GreaterThanOrEqualTo + LessThanOrEqualTo + Contains } -""" -The kind of AWS authentication to use. -""" -enum IngestFeedAwsAuthenticationKind { -""" -IAM role authentication -""" - IamRole +"Assertion results can be uniquely identified by the output event index and the field name they operate on. So if the same field on the same event has multiple assertions attached, this failure is produced." +type FieldHadConflictingAssertions { + """ + Field being asserted on. + Stability: Long-term + """ + fieldName: String! @stability(level: LongTerm) } -""" -The preprocessing to apply to an ingest feed before parsing. -""" -input IngestFeedPreprocessingInput { -""" -The preprocessing to apply to an ingest feed before parsing. -""" - kind: IngestFeedPreprocessingKind! +"An assertion was made that a field had some value, and this assertion failed due to an unexpected value for the field." +type FieldHadUnexpectedValue { + """ + Field being asserted on. + Stability: Long-term + """ + fieldName: String! @stability(level: LongTerm) + + """ + Value that was asserted to be contained in the field. + Stability: Long-term + """ + expectedValue: String! @stability(level: LongTerm) + + """ + The actual value of the field. Note that this is null in the case where the field wasn't present at all. + Stability: Long-term + """ + actualValue: String @stability(level: LongTerm) +} + +"An assertion that an event output from a parser test case has an expected value for a given field." +type FieldHasValue { + """ + Field to assert on. + Stability: Long-term + """ + fieldName: String! @stability(level: LongTerm) + + """ + Value expected to be contained in the field. + Stability: Long-term + """ + expectedValue: String! @stability(level: LongTerm) } -input IngestPartitionInput { - id: Int! - nodeIds: [Int!]! +"Asserts that a given field has an expected value after having been parsed." +input FieldHasValueInput { + "Field to assert on." + fieldName: String! + + "Value expected to be contained in the field." + expectedValue: String! } -input InputData { - id: String! +input FieldInteractionConditionInput { + fieldName: String! + operator: FieldConditionOperatorType! + argument: String! } -input InputDictionaryEntry { - key: String! - value: String! +"An assertion was made that a field should not be present, and this assertion failed." +type FieldUnexpectedlyPresent { + """ + Field being asserted on. + Stability: Long-term + """ + fieldName: String! @stability(level: LongTerm) + + """ + The value that the field contained. + Stability: Long-term + """ + actualValue: String! @stability(level: LongTerm) } -input InstallPackageFromRegistryInput { - viewName: RepoOrViewName! - packageId: VersionedPackageSpecifier! - queryOwnershipType: QueryOwnershipType +"A file upload to LogScale for use with the `match` query function. You can see them under the Files page in the UI." +type File { + "Stability: Long-term" + contentHash: String! @stability(level: LongTerm) + + "Stability: Long-term" + nameAndPath: FileNameAndPath! @stability(level: LongTerm) + + "Stability: Long-term" + createdAt: DateTime! @stability(level: LongTerm) + + "Stability: Long-term" + createdBy: String! @stability(level: LongTerm) + + "Stability: Long-term" + modifiedAt: DateTime! @stability(level: LongTerm) + + "Stability: Long-term" + fileSizeBytes: Long @stability(level: LongTerm) + + "Stability: Long-term" + modifiedBy: String! @stability(level: LongTerm) + + "Stability: Long-term" + packageId: VersionedPackageSpecifier @stability(level: LongTerm) + + "Stability: Long-term" + package: PackageInstallation @stability(level: LongTerm) + + """ + Allowed asset actions + Stability: Short-term + """ + allowedActions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The resource identifier for this file. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + Labels associated with this file + Stability: Preview + """ + labels: [String!]! @stability(level: Preview) +} + +"A dashboard parameter where suggestions are taken from uploaded files." +type FileDashboardParameter implements DashboardParameter { + """ + The name of the file to perform lookups in. + Stability: Long-term + """ + fileName: String! @stability(level: LongTerm) + + """ + The column where the value of suggestions are taken from, + Stability: Long-term + """ + valueColumn: String! @stability(level: LongTerm) + + """ + The column where the label of suggestions are taken from, + Stability: Long-term + """ + labelColumn: String @stability(level: LongTerm) + + """ + Fields and values, where an entry in a file must match one of the given values for each field. + Stability: Long-term + """ + valueFilters: [FileParameterValueFilter!]! @stability(level: LongTerm) + + """ + Regex patterns used to block parameter input. + Stability: Long-term + """ + invalidInputPatterns: [String!] @stability(level: LongTerm) + + """ + Message when parameter input is blocked. + Stability: Long-term + """ + invalidInputMessage: String @stability(level: LongTerm) + + """ + The ID of the parameter. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + The label or 'name' displayed next to the input for the variable to make it more human-readable. + Stability: Long-term + """ + label: String! @stability(level: LongTerm) + + """ + The value assigned to the parameter on dashboard load, if no other value is specified. + Stability: Long-term + """ + defaultValueV2: String @stability(level: LongTerm) + + """ + A number that determines the order in which parameters are displayed on a dashboard. If null, the parameter is ordered after other parameters in alphanumerical order. + Stability: Long-term + """ + order: Int @stability(level: LongTerm) + + """ + A number that determines the width of a parameter. + Stability: Long-term + """ + width: Int @stability(level: LongTerm) +} + +"A file asset" +type FileEntry { + "Stability: Long-term" + file: File! @stability(level: LongTerm) + + "Stability: Long-term" + view: SearchDomain! @stability(level: LongTerm) } -type InstallPackageFromRegistryResult { -""" -Stability: Long-term -""" - package: Package2! +"A field in a file and what value the field should have for a given entry to pass the filter." +input FileFieldFilterType { + field: String! + values: [String!]! } -type InstallPackageFromZipResult { -""" -Stability: Long-term -""" - wasSuccessful: Boolean! +type FileNameAndPath { + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + """ + Paths for files can be one of two types: absolute or relative. + Absolute paths start with a slash, and relative paths start without a slash, like Unix paths. + + Every repository or view in the system is considered a "folder" in its own right, + meaning that every relative path is relative to the current view. + An absolute path points to something that can be addressed from any view, + and a relative path points to a file located inside the view. + If there is no path, it means the file is located at your current location. + + Stability: Long-term + """ + path: String @stability(level: LongTerm) } -type InteractionId { -""" -Stability: Long-term -""" - id: String! +"A filter to reduce entries from files down to those with a matching value in the field." +type FileParameterValueFilter { + "Stability: Long-term" + field: String! @stability(level: LongTerm) + + "Stability: Long-term" + values: [String!]! @stability(level: LongTerm) } -""" -A Kafka event forwarder -""" -type KafkaEventForwarder implements EventForwarder{ -""" -The Kafka topic the events should be forwarded to -Stability: Long-term -""" - topic: String! -""" -The Kafka producer configuration used to forward events in the form of properties (x.y.z=abc). See https://library.humio.com/humio-server/ingesting-data-event-forwarders.html#kafka-configuration. -Stability: Long-term -""" - properties: String! -""" -Id of the event forwarder -Stability: Long-term -""" - id: String! -""" -Name of the event forwarder -Stability: Long-term -""" - name: String! -""" -Description of the event forwarder -Stability: Long-term -""" - description: String! -""" -Is the event forwarder enabled -Stability: Long-term -""" - enabled: Boolean! +"A filter alert." +type FilterAlert { + """ + Id of the filter alert. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + Name of the filter alert. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + Description of the filter alert. + Stability: Long-term + """ + description: String @stability(level: LongTerm) + + """ + LogScale query to execute. + Stability: Long-term + """ + queryString: String! @stability(level: LongTerm) + + """ + List of ids for actions to fire on query result. + Stability: Long-term + """ + actions: [Action!]! @stability(level: LongTerm) + + """ + Labels attached to the filter alert. + Stability: Long-term + """ + labels: [String!]! @stability(level: LongTerm) + + """ + Flag indicating whether the filter alert is enabled. + Stability: Long-term + """ + enabled: Boolean! @stability(level: LongTerm) + + """ + Throttle time in seconds. + Stability: Long-term + """ + throttleTimeSeconds: Long @stability(level: LongTerm) + + """ + A field to throttle on. Can only be set if throttleTimeSeconds is set. + Stability: Long-term + """ + throttleField: String @stability(level: LongTerm) + + """ + Unix timestamp for last successful poll of the filter alert query. If this is not quite recent, then the alert might be having problems. + Stability: Long-term + """ + lastSuccessfulPoll: Long @stability(level: LongTerm) + + """ + Unix timestamp for last execution of trigger. + Stability: Long-term + """ + lastTriggered: Long @stability(level: LongTerm) + + """ + Unix timestamp for last error. + Stability: Long-term + """ + lastErrorTime: Long @stability(level: LongTerm) + + """ + Last error encountered while running the filter alert. + Stability: Long-term + """ + lastError: String @stability(level: LongTerm) + + """ + Last warnings encountered while running the filter alert. + Stability: Long-term + """ + lastWarnings: [String!]! @stability(level: LongTerm) + + """ + YAML specification of the filter alert. + Stability: Long-term + """ + yamlTemplate: YAML! @stability(level: LongTerm) + + """ + The id of the package that the alert was installed as part of. + Stability: Long-term + """ + packageId: VersionedPackageSpecifier @stability(level: LongTerm) + + """ + User or token used to modify the asset. + Stability: Preview + """ + modifiedInfo: ModifiedInfo! @stability(level: Preview) + + """ + The package that the alert was installed as part of. + Stability: Long-term + """ + package: PackageInstallation @stability(level: LongTerm) + + """ + Ownership of the query run by this alert + Stability: Long-term + """ + queryOwnership: QueryOwnership! @stability(level: LongTerm) + + """ + Allowed asset actions + Stability: Short-term + """ + allowedActions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The resource identifier for this filter alert. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + Metadata related to the creation of the filter alert + Stability: Long-term + """ + createdInfo: AssetCommitMetadata @stability(level: LongTerm) } -""" -Defines how the external function is executed. -""" -input KindInput { -""" -Defines how the external function is executed. -""" - name: KindEnum! -""" -Defines how the external function is executed. -""" - parametersDefiningKeyFields: [String!] -""" -Defines how the external function is executed. -""" - fixedKeyFields: [String!] +type FilterAlertTemplate { + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + displayName: String! @stability(level: LongTerm) + + "Stability: Long-term" + yamlTemplate: YAML! @stability(level: LongTerm) + + "Stability: Long-term" + labels: [String!]! @stability(level: LongTerm) } -type Limited implements contractual{ -""" +input FilterInput { + id: String! + name: String! + prefix: String! +} -Stability: Long-term -""" - limit: Long! -""" +input FilterPrefixQueryKindInputType { + justIgnoreMe_: Int +} -Stability: Long-term -""" - includeUsage: Boolean! +"A dashboard parameter with a fixed list of values to select from." +type FixedListDashboardParameter implements DashboardParameter { + "Stability: Long-term" + values: [FixedListParameterOption!]! @stability(level: LongTerm) + + """ + The ID of the parameter. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + The label or 'name' displayed next to the input for the variable to make it more human-readable. + Stability: Long-term + """ + label: String! @stability(level: LongTerm) + + """ + The value assigned to the parameter on dashboard load, if no other value is specified. + Stability: Long-term + """ + defaultValueV2: String @stability(level: LongTerm) + + """ + A number that determines the order in which parameters are displayed on a dashboard. If null, the parameter is ordered after other parameters in alphanumerical order. + Stability: Long-term + """ + order: Int @stability(level: LongTerm) + + """ + A number that determines the width of a parameter. + Stability: Long-term + """ + width: Int @stability(level: LongTerm) } -input LinkInput { - name: String! - token: String! +"An option in a fixed list parameter." +type FixedListParameterOption { + "Stability: Long-term" + label: String! @stability(level: LongTerm) + + "Stability: Long-term" + value: String! @stability(level: LongTerm) } -""" -A widget that lists links to other dashboards. -""" -type LinkWidget implements Widget{ -""" -Stability: Preview -""" - labels: [String!]! -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - title: String! -""" -Stability: Long-term -""" - description: String -""" -Stability: Long-term -""" - x: Int! -""" -Stability: Long-term -""" - y: Int! -""" -Stability: Long-term -""" - width: Int! -""" -Stability: Long-term -""" - height: Int! +type FleetConfigurationTest { + "Stability: Short-term" + collectorIds: [String!]! @stability(level: ShortTerm) + + "Stability: Short-term" + configId: String! @stability(level: ShortTerm) } -""" -A local cluster connection. -""" -type LocalClusterConnection implements ClusterConnection{ -""" -Id of the local view to connect with -Stability: Short-term -""" - targetViewId: String! -""" -Name of the local view to connect with -Stability: Short-term -""" - targetViewName: RepoOrViewName! -""" -Stability: Short-term -""" - targetViewType: LocalTargetType! -""" -Id of the connection -Stability: Short-term -""" - id: String! -""" -Cluster identity of the connection -Stability: Short-term -""" - clusterId: String! -""" -Cluster connection tags -Stability: Short-term -""" - tags: [ClusterConnectionTag!]! -""" -Cluster connection query prefix -Stability: Short-term -""" - queryPrefix: String! +enum FleetConfiguration__SortBy { + Name + ModifiedBy + Instances + Size + LastModified } -""" -Indicates whether the target of a local cluster connection is a view or a repo -""" -enum LocalTargetType { - View - Repo +enum FleetGroups__SortBy { + Collectors + Filter + Name + WantedVersion } -input LoginBridgeInput { - name: String! - description: String! - issuer: String! - remoteId: String! - loginUrl: String! - relayStateUrl: String! - samlEntityId: String! - privateSamlCertificate: String! - publicSamlCertificate: String! - allowedUsers: [String!]! - groupAttribute: String! - groups: [String!]! - organizationIdAttributeName: String! - additionalAttributes: String - organizationNameAttribute: String - generateUserName: Boolean! - termsDescription: String! - termsLink: String! +type FleetInstallationToken { + "Stability: Short-term" + token: String! @stability(level: ShortTerm) + + "Stability: Short-term" + jwtToken: String! @stability(level: ShortTerm) + + "Stability: Short-term" + name: String! @stability(level: ShortTerm) + + "Stability: Short-term" + assignedConfiguration: LogCollectorConfiguration @stability(level: ShortTerm) + + "Stability: Short-term" + expiresAt: Long @stability(level: ShortTerm) + + "Stability: Short-term" + installationCommands: LogCollectorInstallCommand! @stability(level: ShortTerm) } -input LoginBridgeUpdateInput { - name: String - description: String - issuer: String - remoteId: String - loginUrl: String - relayStateUrl: String - samlEntityId: String - privateSamlCertificate: String - publicSamlCertificate: String - allowedUsers: [String!] - groupAttribute: String - groups: [String!] - organizationIdAttributeName: String - additionalAttributes: String - organizationNameAttribute: String - generateUserName: Boolean - termsDescription: String - termsLink: String +enum FleetInstallationTokens__SortBy { + Name + ConfigName } -input MarkLimitDeletedInput { - limitName: String! - deleted: Boolean! +enum Fleet__SortBy { + Hostname + System + Version + Ingest + LastActivity + ConfigName + CpuAverage5Min + MemoryMax5Min + DiskMax5Min + Change + Labels +} + +"Settings for the Java Flight Recorder." +type FlightRecorderSettings { + """ + True if OldObjectSample is enabled + Stability: Preview + """ + oldObjectSampleEnabled: Boolean! @stability(level: Preview) + + """ + The duration old object sampling will run for before dumping results and restarting + Stability: Preview + """ + oldObjectSampleDurationMinutes: Long! @stability(level: Preview) +} + +"A dashboard parameter without restrictions or suggestions." +type FreeTextDashboardParameter implements DashboardParameter { + """ + Regex patterns used to block parameter input. + Stability: Long-term + """ + invalidInputPatterns: [String!] @stability(level: LongTerm) + + """ + Message when parameter input is blocked. + Stability: Long-term + """ + invalidInputMessage: String @stability(level: LongTerm) + + """ + The ID of the parameter. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + The label or 'name' displayed next to the input for the variable to make it more human-readable. + Stability: Long-term + """ + label: String! @stability(level: LongTerm) + + """ + The value assigned to the parameter on dashboard load, if no other value is specified. + Stability: Long-term + """ + defaultValueV2: String @stability(level: LongTerm) + + """ + A number that determines the order in which parameters are displayed on a dashboard. If null, the parameter is ordered after other parameters in alphanumerical order. + Stability: Long-term + """ + order: Int @stability(level: LongTerm) + + """ + A number that determines the width of a parameter. + Stability: Long-term + """ + width: Int @stability(level: LongTerm) +} + +"Input list of function names" +input FunctionListInput { + version: LanguageVersionEnum! + functions: [String!]! +} + +"Archiving configuration for GCS, i.e. bucket and format." +type GCSArchivingConfiguration implements ArchivingConfiguration { + """ + Bucket name for storing archived data. Example: acme-bucket. + Stability: Short-term + """ + bucket: String! @stability(level: ShortTerm) + + """ + Do not archive logs older than this. + Stability: Short-term + """ + startFrom: DateTime @stability(level: ShortTerm) + + """ + Whether the archiving has been disabled. + Stability: Short-term + """ + disabled: Boolean @stability(level: ShortTerm) + + """ + The format to store the archived data in Google Cloud Storage + Stability: Short-term + """ + format: ArchivingFormat @stability(level: ShortTerm) + + """ + Array of names of tag fields to use in that order in the output file names. + Stability: Short-term + """ + tagOrderInName: [String!]! @stability(level: ShortTerm) +} + +"Data for generating an unsaved aggregate alert object from a library package template" +input GenerateAggregateAlertFromPackageTemplateInput { + "Name of the view of the aggregate alert." + viewName: RepoOrViewName! + + "The id of the package of the aggregate alert template." + packageId: VersionedPackageSpecifier! + + "The name of the aggregate alert template in the package." + templateName: String! } -enum MergeStrategy { - Theirs - Ours +"Data for generating an unsaved aggregate alert object from a yaml template" +input GenerateAggregateAlertFromTemplateInput { + "Name of the view of the aggregate alert." + viewName: RepoOrViewName! + + "YAML specification of the aggregate alert." + yamlTemplate: YAML! } -input MigrateLimitsInput { - createLogLimit: Boolean! - defaultLimit: String +"Data for generating an unsaved alert object from a library package template" +input GenerateAlertFromPackageTemplateInput { + "Name of the view of the legacy alert." + viewName: RepoOrViewName! + + "The id of the package that the alert was installed as part of." + packageId: VersionedPackageSpecifier! + + "The name of the alert template in the package." + templateName: String! } -""" -Modified by a supporter -""" -type ModifiedInfoSupporter implements ModifiedInfo{ -""" -Timestamp of when the asset was last modified -Stability: Long-term -""" - modifiedAt: Long! +"Data for generating an unsaved alert object from a yaml template" +input GenerateAlertFromTemplateInput { + "Name of the view of the legacy alert." + viewName: RepoOrViewName! + + "YAML specification of the alert." + yamlTemplate: YAML! } -""" -Modified using a token -""" -type ModifiedInfoToken implements ModifiedInfo{ -""" -Id of the token used to modify the asset. -Stability: Long-term -""" - tokenId: String! -""" -Timestamp of when the asset was last modified -Stability: Long-term -""" - modifiedAt: Long! +"Data for generating an unsaved filter alert object from a library package template" +input GenerateFilterAlertFromPackageTemplateInput { + "Name of the view of the filter alert." + viewName: RepoOrViewName! + + "The id of the package of the filter alert template." + packageId: VersionedPackageSpecifier! + + "The name of the filter alert template in the package." + templateName: String! } -""" -Modified by a user -""" -type ModifiedInfoUser implements ModifiedInfo{ -""" -User who modified the asset. If null, the user is deleted. -Stability: Long-term -""" - user: User -""" -Timestamp of when the asset was last modified -Stability: Long-term -""" - modifiedAt: Long! +"Data for generating an unsaved filter alert object from a yaml template" +input GenerateFilterAlertFromTemplateInput { + "Name of the view of the filter alert." + viewName: RepoOrViewName! + + "YAML specification of the filter alert." + yamlTemplate: YAML! } -type Mutation { -""" -Will clear the search limit and excluded repository making future searches done on this view behave normally, i.e. having no search time-limit applied -Stability: Preview -""" - ClearSearchLimitForSearchDomain( -""" -Data for clearing the search limit on a search domain. -""" - input: ClearSearchLimitForSearchDomain! - ): View! -""" -Will update search limit, which will restrict future searches to the specified limit, a list of repository names can be supplied and will not be restricted by this limit. -Stability: Preview -""" - SetSearchLimitForSearchDomain( -""" -Data for updating search limit on a search domain. -""" - input: SetSearchLimitForSearchDomain! - ): View! -""" -Client accepts LogScale's Terms and Conditions without providing any additional info -Stability: Long-term -""" - acceptTermsAndConditions: Account! -""" -Activates a user account supplying additional personal info. By activating the account the client accepts LogScale's Terms and Conditions: https://www.humio.com/terms-and-conditions -Stability: Long-term -""" - activateAccount( -""" -The first name of the user. -""" - firstName: String! -""" -The last name of the user. -""" - lastName: String! -""" -The email address of the user. -""" - email: String! -""" -The name of company the user represents or is associated with. -""" - company: String! -""" -The two letter ISO 3166-1 Alpha-2 country code for the country where the company is located. -""" - countryCode: String! -""" -Optional country subdivision following ISO 3166-2. -""" - stateCode: String -""" -Optional zip code. Required for community mode. -""" - zip: String -""" -Optional phone number. Required for community mode. -""" - phoneNumber: String - utmParams: UtmParams - ): Account! -""" -Add a label to an alert. -Stability: Long-term -""" - addAlertLabelV2( -""" -Data for adding a label to an alert -""" - input: AddAlertLabel! - ): Alert! -""" -Stability: Preview -""" - addCrossOrgViewConnections( - input: AddCrossOrganizationViewConnectionFiltersInput! - ): View! -""" -Add a new filter to a dashboard's list of filters. -Stability: Long-term -""" - addDashboardFilter( - name: String! - prefixFilter: String! - id: String! - searchDomainName: String! - ): Dashboard! -""" -Add a label to a dashboard. -Stability: Long-term -""" - addDashboardLabel( - id: String! - label: String! - ): Dashboard! -""" -Adds a field alias mapping to an existing schema. Returns the ID of the alias mapping if created successfully. -Stability: Long-term -""" - addFieldAliasMapping( - input: AddAliasMappingInput! - ): String! -""" -Enable functions for use with specified language version. -Stability: Preview -""" - addFunctionsToAllowList( - input: FunctionListInput! - ): Boolean! -""" -Creates a new group. -Stability: Long-term -""" - addGroup( - displayName: String! - lookupName: String - ): AddGroupMutation! -""" -Create a new Ingest API Token. -Stability: Long-term -""" - addIngestTokenV3( - input: AddIngestTokenV3Input! - ): IngestToken! -""" -Add a Limit to the given organization -""" - addLimit( - input: AddLimitInput! - ): Boolean! -""" -Add a Limit to the given organization -Stability: Long-term -""" - addLimitV2( - input: AddLimitV2Input! - ): LimitV2! -""" -Stability: Long-term -""" - addLoginBridgeAllowedUsers( - userID: String! - ): LoginBridge! -""" -Add or update default Query Quota Settings -Stability: Short-term -""" - addOrUpdateQueryQuotaDefaultSettings( - input: QueryQuotaDefaultSettingsInput! - ): QueryQuotaDefaultSettings! -""" -Add or update existing Query Quota User Settings -Stability: Short-term -""" - addOrUpdateQueryQuotaUserSettings( - input: QueryQuotaUserSettingsInput! - ): QueryQuotaUserSettings! -""" -Adds a query to the list of recent queries. The query is a JSON encoded query and visualization structure produced by the UI. -Stability: Long-term -""" - addRecentQuery( - input: AddRecentQueryInput! - ): AddRecentQuery! -""" -Add a label to a scheduled search. -Stability: Long-term -""" - addScheduledSearchLabel( -""" -Data for adding a label to a scheduled search -""" - input: AddLabelScheduledSearch! - ): ScheduledSearch! -""" -Add a star to an alert. -""" - addStarToAlertV2( -""" -Data for adding a star to an alert -""" - input: AddStarToAlert! - ): Alert! -""" -Add a star to a dashboard. -Stability: Long-term -""" - addStarToDashboard( - id: String! - ): Dashboard! -""" -Stability: Long-term -""" - addStarToField( - input: AddStarToFieldInput! - ): AddStarToFieldMutation! -""" -Add a star to a scheduled search. -""" - addStarToScheduledSearch( -""" -Data for adding a star to a scheduled search -""" - input: AddStarScheduledSearch! - ): ScheduledSearch! -""" -Add a star to a repository or view. -Stability: Long-term -""" - addStarToSearchDomain( - name: String! - ): SearchDomain! -""" -Adds a subdomain to the organization. Becomes primary subdomain if no primary has been set, and secondary otherwise -Stability: Preview -""" - addSubdomain( - input: AddSubdomainInput! - ): Organization! -""" -Blocklist a query based on a pattern based on a regex or exact match. -Stability: Long-term -""" - addToBlocklist( -""" -Data for adding to the blocklist -""" - input: AddToBlocklistInput! - ): [BlockedQuery!]! -""" -Blocklist a query based on a pattern based on a regex or exact match. -Stability: Long-term -""" - addToBlocklistById( -""" -Data for adding to the blocklist -""" - input: AddToBlocklistByIdInput! - ): [BlockedQuery!]! -""" -Stability: Long-term -""" - addToLogCollectorConfigurationTest( - configId: String! - collectorIds: [String!]! - ): FleetConfigurationTest! -""" -Add or invite a user. Calling this with an invitation token, will activate the account. By activating the account the client accepts LogScale's Terms and Conditions: https://www.humio.com/terms-and-conditions -Stability: Long-term -""" - addUserV2( - input: AddUserInputV2! - ): userOrPendingUser! -""" -Adds users to an existing group. -Stability: Long-term -""" - addUsersToGroup( - input: AddUsersToGroupInput! - ): AddUsersToGroupMutation! -""" -Stability: Short-term -""" - assignLogCollectorConfiguration( - configId: String - id: String! - ): Boolean! -""" -Stability: Short-term -""" - assignLogCollectorsToConfiguration( - configId: String - ids: [String!] - ): [EnrolledCollector!]! -""" -Assigns an organization management role to a group for the provided organizations. -Stability: Preview -""" - assignOrganizationManagementRoleToGroup( - input: AssignOrganizationManagementRoleToGroupInput! - ): AssignOrganizationManagementRoleToGroupMutation! -""" -Assigns an organization role to a group. -Stability: Long-term -""" - assignOrganizationRoleToGroup( - input: AssignOrganizationRoleToGroupInput! - ): AssignOrganizationRoleToGroupMutation! -""" -Assign an ingest token to be associated with a parser. -Stability: Long-term -""" - assignParserToIngestTokenV2( - input: AssignParserToIngestTokenInputV2! - ): IngestToken! -""" -Assigns permissions to users or groups for resource. -Stability: Preview -""" - assignPermissionsForResources( - input: [PermissionAssignmentInputType!]! - ): [UserOrGroup!]! -""" -Assigns a role to a group for a given view. If called with overrideExistingAssignmentsForView=false, this mutation can assign multiple roles for the same view. Calling with overrideExistingAssignmentsForView=false is thus only available if the MultipleViewRoleBindings feature is enabled. -Stability: Long-term -""" - assignRoleToGroup( - input: AssignRoleToGroupInput! - ): AssignRoleToGroupMutation! -""" -Assigns a system role to a group. -Stability: Long-term -""" - assignSystemRoleToGroup( - input: AssignSystemRoleToGroupInput! - ): AssignSystemRoleToGroupMutation! -""" -Assign node tasks. This is not a replacement, but will add to the existing assigned node tasks. Returns the set of assigned tasks after the assign operation has completed. -Stability: Short-term -""" - assignTasks( -""" -ID of the node to assign node tasks to. -""" - nodeID: Int! -""" -List of tasks to assign. -""" - tasks: [NodeTaskEnum!]! - ): [NodeTaskEnum!]! -""" -Assigns roles for the user in the search domain. This mutation allows assigning multiple roles for the same view and is thus dependent on the MultipleViewRoleBindings feature being enabled. -Stability: Preview -""" - assignUserRolesInSearchDomain( - input: AssignUserRolesInSearchDomainInput! - ): [User!]! -""" -Batch update query ownership to run queries on behalf of the organization for triggers and shared dashboards. -Stability: Long-term -""" - batchUpdateQueryOwnership( - input: BatchUpdateQueryOwnershipInput! - ): Boolean! -""" -Block ingest to the specified repository for a number of seconds (at most 1 year) into the future -Stability: Short-term -""" - blockIngest( - repositoryName: String! - seconds: Int! - ): BlockIngestMutation! -""" -Set whether the organization is blocking ingest and dataspaces are pausing ingest -Stability: Long-term -""" - blockIngestOnOrg( - input: BlockIngestOnOrgInput! - ): Organization! -""" -Cancel a previously submitted redaction. Returns true if the redaction was cancelled, false otherwise. Cancellation is best effort. If some events have already been redacted, they are not restored. -Stability: Long-term -""" - cancelRedactEvents( - input: CancelRedactEventsInput! - ): Boolean! -""" -Updates the user and group role assignments in the search domain. -Stability: Long-term -""" - changeUserAndGroupRolesForSearchDomain( - searchDomainId: String! - groups: [GroupRoleAssignment!]! - users: [UserRoleAssignment!]! - ): [UserOrGroup!]! -""" -Set CID of provisioned organization -Stability: Short-term -""" - clearCid: Organization! -""" -Clear the error status on an aggregate alert. The status will be updated if the error reoccurs. -Stability: Long-term -""" - clearErrorOnAggregateAlert( -""" -Data for clearing the error on an aggregate alert. -""" - input: ClearErrorOnAggregateAlertInput! - ): AggregateAlert! -""" -Clear the error status on an alert. The status will be updated if the error reoccurs. -Stability: Long-term -""" - clearErrorOnAlert( -""" -Data for clearing the error on an alert -""" - input: ClearErrorOnAlertInput! - ): Alert! -""" -Clear the error status on a filter alert. The status will be updated if the error reoccurs. -Stability: Long-term -""" - clearErrorOnFilterAlert( -""" -Data for clearing the error on a filter alert -""" - input: ClearErrorOnFilterAlertInput! - ): FilterAlert! -""" -Clear the error status on a scheduled search. The status will be updated if the error reoccurs. -Stability: Long-term -""" - clearErrorOnScheduledSearch( -""" -Data for clearing the error on a scheduled search -""" - input: ClearErrorOnScheduledSearchInput! - ): ScheduledSearch! -""" -Clears UI configurations for all fields for the current user -Stability: Long-term -""" - clearFieldConfigurations( - input: ClearFieldConfigurationsInput! - ): Boolean! -""" -Clear recent queries for current user on a given view or repository. -Stability: Long-term -""" - clearRecentQueries( - input: ClearRecentQueriesInput! - ): Boolean! -""" -Create a clone of an existing parser. -Stability: Long-term -""" - cloneParser( - input: CloneParserInput! - ): Parser! -""" -Unregisters a node from the cluster. -Stability: Long-term -""" - clusterUnregisterNode( -""" -Force removal of the node. I hope you know what you are doing! -""" - force: Boolean! -""" -ID of the node to unregister. -""" - nodeID: Int! - ): UnregisterNodeMutation! -""" -Create a clone of a dashboard. -Stability: Long-term -""" - copyDashboard( - id: String! -""" -The name of the repository or view where the dashboard to be copied to. -""" - targetSearchDomainName: String -""" -The name of the repository or view where the dashboard to be copied from. -""" - sourceSearchDomainName: String! -""" -The name the copied dashboard should have. -""" - name: String! - ): CopyDashboardMutation! -""" -Create an action from a package action template. -Stability: Long-term -""" - createActionFromPackageTemplate( -""" -The name of the view the package is installed in. -""" - viewName: String! -""" -The id of the package to fetch the action template from. -""" - packageId: VersionedPackageSpecifier! -""" -The name of the action template in the package. -""" - actionTemplateName: String! -""" -The name of the new action to create. -""" - overrideName: String - ): CreateActionFromPackageTemplateMutation! -""" -Create an action from yaml template -Stability: Long-term -""" - createActionFromTemplate( -""" -Data for creating an action from a yaml template -""" - input: CreateActionFromTemplateInput! - ): Action! -""" -Create an aggregate alert. -Stability: Long-term -""" - createAggregateAlert( -""" -Data for creating an aggregate alert. -""" - input: CreateAggregateAlert! - ): AggregateAlert! -""" -Create an alert. -Stability: Long-term -""" - createAlert( -""" -Data for creating an alert -""" - input: CreateAlert! - ): Alert! -""" -Create an alert from a package alert template. -""" - createAlertFromPackageTemplate( -""" -The name of the view or repo the package is installed in. -""" - searchDomainName: String! -""" -The id of the package to fetch the alert template from. -""" - packageId: VersionedPackageSpecifier! -""" -The name of the alert template in the package. -""" - alertTemplateName: String! -""" -The name of the new alert to create. -""" - alertName: String! - ): CreateAlertFromPackageTemplateMutation! -""" -Create an alert from yaml template -""" - createAlertFromTemplate( -""" -Data for creating an alert from a yaml template -""" - input: CreateAlertFromTemplateInput! - ): Alert! -""" -Create an ingest feed that uses AWS S3 and SQS -Stability: Long-term -""" - createAwsS3SqsIngestFeed( -""" -Data for creating an ingest feed that uses AWS S3 and SQS -""" - input: CreateAwsS3SqsIngestFeed! - ): IngestFeed! -""" -Stability: Preview -""" - createCrossOrgView( - input: CreateCrossOrgViewInput! - ): View! -""" -Create a custom link interaction. -Stability: Long-term -""" - createCustomLinkInteraction( - input: CreateCustomLinkInteractionInput! - ): InteractionId! -""" -Create a dashboard. -Stability: Long-term -""" - createDashboard( - input: CreateDashboardInput! - ): CreateDashboardMutation! -""" -Create a dashboard from a package dashboard template. -Stability: Long-term -""" - createDashboardFromPackageTemplate( -""" -The name of the view the package is installed in. -""" - viewName: String! -""" -The id of the package to fetch the dashboard template from. -""" - packageId: VersionedPackageSpecifier! -""" -The name of the dashboard template in the package. -""" - dashboardTemplateName: String! -""" -The name of the new dashboard to create. -""" - overrideName: String - ): CreateDashboardFromPackageTemplateMutation! -""" -Create a dashboard from a yaml specification. -Stability: Long-term -""" - createDashboardFromTemplateV2( -""" -Data for creating a dashboard from a yaml specification. -""" - input: CreateDashboardFromTemplateV2Input! - ): Dashboard! -""" -Create a dashboard link interaction. -Stability: Long-term -""" - createDashboardLinkInteraction( - input: CreateDashboardLinkInteractionInput! - ): InteractionId! -""" -Gets or create a new demo data view. -Stability: Short-term -""" - createDemoDataRepository( - demoDataType: String! - ): Repository! -""" -Create an email action. -Stability: Long-term -""" - createEmailAction( -""" -Data for creating an email action -""" - input: CreateEmailAction! - ): EmailAction! -""" -Create an organization. Root operation. -Stability: Long-term -""" - createEmptyOrganization( - name: String! - description: String - organizationId: String - subdomain: String - cid: String - ): Organization! -""" -Create an event forwarding rule on a repository and return it -Stability: Long-term -""" - createEventForwardingRule( -""" -Data for creating an event forwarding rule -""" - input: CreateEventForwardingRule! - ): EventForwardingRule! -""" -Create an FDR feed -Stability: Long-term -""" - createFdrFeed( -""" -Data for creating an FDR feed -""" - input: CreateFdrFeed! - ): FdrFeed! -""" -Creates a schema. If another schema already exists with the same name, then this overwrites it. -Stability: Long-term -""" - createFieldAliasSchema( - input: CreateFieldAliasSchemaInput! - ): FieldAliasSchema! -""" -Creates a field aliasing schema from a YAML file -Stability: Preview -""" - createFieldAliasSchemaFromTemplate( - input: CreateFieldAliasSchemaFromTemplateInput! - ): FieldAliasSchema! -""" -Create a filter alert. -Stability: Long-term -""" - createFilterAlert( -""" -Data for creating a filter alert -""" - input: CreateFilterAlert! - ): FilterAlert! -""" -Stability: Long-term -""" - createFleetInstallToken( - name: String! - configId: String - ): FleetInstallationToken! -""" -Create a LogScale repository action. -Stability: Long-term -""" - createHumioRepoAction( -""" -Data for creating a LogScale repository action -""" - input: CreateHumioRepoAction! - ): HumioRepoAction! -""" -Create a new IP filter. -Stability: Long-term -""" - createIPFilter( - input: IPFilterInput! - ): IPFilter! -""" -Create a new ingest listener. -Stability: Long-term -""" - createIngestListenerV3( - input: CreateIngestListenerV3Input! - ): IngestListener! -""" -Create a Kafka event forwarder and return it -Stability: Long-term -""" - createKafkaEventForwarder( -""" -Data for creating a Kafka event forwarder -""" - input: CreateKafkaEventForwarder! - ): KafkaEventForwarder! -""" -Create a cluster connection to a local view. -Stability: Short-term -""" - createLocalClusterConnection( -""" -Data for creating a local multi-cluster connection -""" - input: CreateLocalClusterConnectionInput! - ): LocalClusterConnection! -""" -Creates a log collector configuration. -Stability: Short-term -""" - createLogCollectorConfiguration( - name: String! - draft: String - ): LogCollectorConfiguration! -""" -Stability: Short-term -""" - createLogCollectorGroup( - name: String! - filter: String - configIds: [String!] - ): LogCollectorGroup! -""" -Create a lookup file from a package lookup file template. -Stability: Long-term -""" - createLookupFileFromPackageTemplate( -""" -The name of the view the package is installed in. -""" - viewName: RepoOrViewName! -""" -The id of the package to fetch the lookup file template from. -""" - packageId: VersionedPackageSpecifier! -""" -The filename of the lookup file template in the package. -""" - lookupFileTemplateName: String! -""" -The name of the new lookup file to create. -""" - overrideName: String - ): FileNameAndPath! -""" -Create an OpsGenie action. -Stability: Long-term -""" - createOpsGenieAction( -""" -Data for creating an OpsGenie action -""" - input: CreateOpsGenieAction! - ): OpsGenieAction! - createOrUpdateCrossOrganizationView( - name: String! - limitIds: [String!]! - filter: String - repoFilters: [RepoFilterInput!] - ): View! -""" -Creates or updates an external function specification. -Stability: Preview -""" - createOrUpdateExternalFunction( - input: CreateOrUpdateExternalFunctionInput! - ): ExternalFunctionSpecificationOutput! -""" -Create a organization permissions token for organizational-level access. -Stability: Long-term -""" - createOrganizationPermissionsToken( - input: CreateOrganizationPermissionTokenInput! - ): String! -""" -Creates an organization permissions token with the specified permissions. -Stability: Long-term -""" - createOrganizationPermissionsTokenV2( - input: CreateOrganizationPermissionsTokenV2Input! - ): CreateOrganizationPermissionsTokenV2Output! -""" -Create a metric view, usage view and log view for each organization. (Root operation) -Stability: Long-term -""" - createOrganizationsViews( - includeDebugView: Boolean - specificOrganization: String - ): Boolean! -""" -Create a PagerDuty action. -Stability: Long-term -""" - createPagerDutyAction( -""" -Data for creating a PagerDuty action. -""" - input: CreatePagerDutyAction! - ): PagerDutyAction! -""" -Create a parser. -""" - createParser( - input: CreateParserInput! - ): CreateParserMutation! -""" -Create a parser from a package parser template. -Stability: Long-term -""" - createParserFromPackageTemplate( -""" -The name of the view the package is installed in. -""" - viewName: String! -""" -The id of the package to fetch the parser template from. -""" - packageId: VersionedPackageSpecifier! -""" -The name of the parser template in the package. -""" - parserTemplateName: String! -""" -The name of the new parser to create. -""" - overrideName: String - ): CreateParserFromPackageTemplateMutation! -""" -Create a parser from a yaml specification -Stability: Long-term -""" - createParserFromTemplate( -""" -Data for creating a parser from a yaml template -""" - input: CreateParserFromTemplateInput! - ): Parser! -""" -Create a parser. -Stability: Long-term -""" - createParserV2( - input: CreateParserInputV2! - ): Parser! -""" -Create a personal user token for the user. It will inherit the same permissions as the user. -Stability: Long-term -""" - createPersonalUserToken( - input: CreatePersonalUserTokenInput! - ): String! -""" -Create a personal user token for the user. It will inherit the same permissions as the user. -Stability: Long-term -""" - createPersonalUserTokenV2( - input: CreatePersonalUserTokenInput! - ): CreatePersonalUserTokenV2Output! -""" -Create a new sharable link to a dashboard. -Stability: Long-term -""" - createReadonlyToken( - id: String! - name: String! - ipFilterId: String -""" -Ownership of the queries run by this shared dashboard. If value is User, ownership wil be based the calling user -""" - queryOwnershipType: QueryOwnershipType - ): DashboardLink! -""" -Create a cluster connection to a remote view. -Stability: Short-term -""" - createRemoteClusterConnection( -""" -Data for creating a remote cluster connection -""" - input: CreateRemoteClusterConnectionInput! - ): RemoteClusterConnection! -""" -Create a new repository. -Stability: Short-term -""" - createRepository( - name: String! - description: String - retentionInMillis: Long - retentionInIngestSizeBytes: Long - retentionInStorageSizeBytes: Long - organizationId: String - type: RepositoryType - repositoryId: String - dataType: RepositoryDataType -""" -The limit the repository should be attached to, only a cloud feature. If not specified a default will be found and used -""" - limitId: String - ): CreateRepositoryMutation! -""" -Adds a role. Only usable if roles are not managed externally, e.g. in LDAP. -Stability: Long-term -""" - createRole( - input: AddRoleInput! - ): AddRoleMutation! -""" -Create a saved query. -Stability: Long-term -""" - createSavedQuery( - input: CreateSavedQueryInput! - ): CreateSavedQueryPayload! -""" -Create a saved query from a package saved query template. -Stability: Long-term -""" - createSavedQueryFromPackageTemplate( -""" -The name of the view the package is installed in. -""" - viewName: String! -""" -The id of the package to fetch the saved query template from. -""" - packageId: VersionedPackageSpecifier! -""" -The name of the saved query template in the package. -""" - savedQueryTemplateName: String! -""" -The name of the new saved query to create. -""" - overrideName: String - ): CreateSavedQueryFromPackageTemplateMutation! -""" -Create a scheduled report. -Stability: Long-term -""" - createScheduledReport( -""" -Data for creating a scheduled report. -""" - input: CreateScheduledReportInput! - ): ScheduledReport! -""" -Create a scheduled search. -""" - createScheduledSearch( -""" -Data for creating a scheduled search -""" - input: CreateScheduledSearch! - ): ScheduledSearch! -""" -Create a scheduled search from a package scheduled search template. -""" - createScheduledSearchFromPackageTemplate( -""" -The name of the view or repo the package is installed in. -""" - searchDomainName: RepoOrViewName! -""" -The id of the package to fetch the scheduled search template from. -""" - packageId: VersionedPackageSpecifier! -""" -The name of the scheduled search template in the package. -""" - scheduledSearchTemplateName: String! -""" -The name of the new scheduled search to create. -""" - scheduledSearchName: String! - ): ScheduledSearch! -""" -Create a scheduled search from a yaml specification. -""" - createScheduledSearchFromTemplate( -""" -Data for creating a scheduled search from a yaml template. -""" - input: CreateScheduledSearchFromTemplateInput! - ): ScheduledSearch! -""" -Create a scheduled search. -Stability: Long-term -""" - createScheduledSearchV2( -""" -Data for creating a scheduled search -""" - input: CreateScheduledSearchV2! - ): ScheduledSearch! -""" -Create a search link interaction. -Stability: Long-term -""" - createSearchLinkInteraction( - input: CreateSearchLinkInteractionInput! - ): InteractionId! -""" -Create a Slack action. -Stability: Long-term -""" - createSlackAction( -""" -Data for creating a Slack action. -""" - input: CreateSlackAction! - ): SlackAction! -""" -Create a post message Slack action. -Stability: Long-term -""" - createSlackPostMessageAction( -""" -Data for creating a post message Slack action. -""" - input: CreatePostMessageSlackAction! - ): SlackPostMessageAction! -""" -Create a system permissions token for system-level access. -Stability: Long-term -""" - createSystemPermissionsToken( - input: CreateSystemPermissionTokenInput! - ): String! -""" -Creates a system permissions token with the specified permissions. -Stability: Long-term -""" - createSystemPermissionsTokenV2( - input: CreateSystemPermissionTokenV2Input! - ): CreateSystemPermissionsTokenV2Output! -""" -Create an upload file action. -Stability: Long-term -""" - createUploadFileAction( -""" -Data for creating an upload file action. -""" - input: CreateUploadFileAction! - ): UploadFileAction! -""" -Create a VictorOps action. -Stability: Long-term -""" - createVictorOpsAction( -""" -Data for creating a VictorOps action. -""" - input: CreateVictorOpsAction! - ): VictorOpsAction! -""" -Create a new view. -Stability: Long-term -""" - createView( - name: String! - description: String - connections: [ViewConnectionInput!] - federatedViews: [String!] - isFederated: Boolean - ): View! -""" -Create a view permission token. The permissions will take effect across all the views. -Stability: Long-term -""" - createViewPermissionsToken( - input: CreateViewPermissionsTokenInput! - ): String! -""" -Creates a view permissions token with the specified permissions on the views specified in the 'viewIds' field. -Stability: Long-term -""" - createViewPermissionsTokenV2( - input: CreateViewPermissionsTokenV2Input! - ): CreateViewPermissionsTokenV2Output! -""" -Create a webhook action. -Stability: Long-term -""" - createWebhookAction( -""" -Data for creating a webhook action. -""" - input: CreateWebhookAction! - ): WebhookAction! -""" -Delete an action. -Stability: Long-term -""" - deleteAction( -""" -Data for deleting an action. -""" - input: DeleteAction! - ): Boolean! -""" -Delete an aggregate alert. -Stability: Long-term -""" - deleteAggregateAlert( -""" -Data for deleting an aggregate alert. -""" - input: DeleteAggregateAlert! - ): Boolean! -""" -Delete an alert. -Stability: Long-term -""" - deleteAlert( -""" -Data for deleting an alert -""" - input: DeleteAlert! - ): Boolean! -""" -Delete a cluster connection from a view. -Stability: Short-term -""" - deleteClusterConnection( -""" -Data for deleting a cluster connection -""" - input: DeleteClusterConnectionInput! - ): Boolean! -""" -Delete a dashboard. -Stability: Long-term -""" - deleteDashboard( - input: DeleteDashboardInput! - ): DeleteDashboardMutation! -""" -Delete a dashboard by looking up the view with the given viewId and then the dashboard in the view with the given dashboardId. -Stability: Long-term -""" - deleteDashboardV2( - input: DeleteDashboardInputV2! - ): SearchDomain! -""" -Delete an event forwarder -Stability: Long-term -""" - deleteEventForwarder( -""" -Data for deleting an event forwarder -""" - input: DeleteEventForwarderInput! - ): Boolean! -""" -Delete an event forwarding rule on a repository -Stability: Long-term -""" - deleteEventForwardingRule( -""" -Data for deleting an event forwarding rule -""" - input: DeleteEventForwardingRule! - ): Boolean! -""" -Deletes a given external function specification. -Stability: Preview -""" - deleteExternalFunction( - input: deleteExternalFunctionInput! - ): Boolean! -""" -Delete an FDR feed -Stability: Long-term -""" - deleteFdrFeed( -""" -Data for deleting an FDR feed -""" - input: DeleteFdrFeed! - ): Boolean! -""" -Delete a feature flag. -Stability: Short-term -""" - deleteFeatureFlag( - feature: String! - ): Boolean! -""" -Deletes an alias mapping. -Stability: Long-term -""" - deleteFieldAliasSchema( - input: DeleteFieldAliasSchema! - ): Boolean! -""" -Delete a filter alert. -Stability: Long-term -""" - deleteFilterAlert( -""" -Data for deleting a filter alert -""" - input: DeleteFilterAlert! - ): Boolean! -""" -Stability: Long-term -""" - deleteFleetInstallToken( - token: String! - ): Boolean! -""" -Delete IP filter. -Stability: Long-term -""" - deleteIPFilter( - input: IPFilterIdInput! - ): Boolean! -""" -For deleting an identity provider. Root operation. -Stability: Long-term -""" - deleteIdentityProvider( - id: String! - ): Boolean! -""" -Delete an ingest feed -Stability: Long-term -""" - deleteIngestFeed( -""" -Data for deleting an ingest feed -""" - input: DeleteIngestFeed! - ): Boolean! -""" -Delete an ingest listener. -Stability: Long-term -""" - deleteIngestListener( - id: String! - ): BooleanResultType! -""" -Delete an interaction. -Stability: Long-term -""" - deleteInteraction( - input: DeleteInteractionInput! - ): Boolean! -""" -Stability: Long-term -""" - deleteLogCollectorConfiguration( - configId: String! - versionId: Int! - ): Boolean! -""" -Stability: Long-term -""" - deleteLogCollectorGroup( - id: String! - ): Boolean! -""" -Stability: Preview -""" - deleteLostCollectors( - dryRun: Boolean! - days: Int! - ): Int! -""" -Delete notification from the system. Requires root. -Stability: Long-term -""" - deleteNotification( - notificationId: String! - ): Boolean! -""" -Delete a parser. -Stability: Long-term -""" - deleteParser( - input: DeleteParserInput! - ): BooleanResultType! -""" -Remove a shared link to a dashboard. -Stability: Long-term -""" - deleteReadonlyToken( - id: String! - token: String! - ): BooleanResultType! -""" -Deletes a saved query. -Stability: Long-term -""" - deleteSavedQuery( - input: DeleteSavedQueryInput! - ): BooleanResultType! -""" -Delete a scheduled report. -Stability: Long-term -""" - deleteScheduledReport( - input: DeleteScheduledReportInput! - ): Boolean! -""" -Delete a scheduled search. -Stability: Long-term -""" - deleteScheduledSearch( -""" -Data for deleting a scheduled search -""" - input: DeleteScheduledSearch! - ): Boolean! -""" -Delete a repository or view. -Stability: Long-term -""" - deleteSearchDomain( - name: String! - deleteMessage: String - ): BooleanResultType! -""" -Delete a repository or view. -Stability: Long-term -""" - deleteSearchDomainById( - input: DeleteSearchDomainByIdInput! - ): Boolean! -""" -Delete a token -Stability: Long-term -""" - deleteToken( - input: InputData! - ): Boolean! -""" -Disable an aggregate alert. -Stability: Long-term -""" - disableAggregateAlert( -""" -Data for disabling an aggregate alert. -""" - input: DisableAggregateAlert! - ): Boolean! -""" -Disable an alert. -Stability: Long-term -""" - disableAlert( -""" -Data for disabling an alert -""" - input: DisableAlert! - ): Boolean! -""" -Disables the archiving job for the repository. -Stability: Short-term -""" - disableArchiving( - repositoryName: String! - ): BooleanResultType! -""" -Removes demo view. -Stability: Short-term -""" - disableDemoDataForUser: Boolean! -""" -Disables an event forwarder -Stability: Long-term -""" - disableEventForwarder( -""" -Data for disabling an event forwarder -""" - input: DisableEventForwarderInput! - ): Boolean! -""" -Disable a feature. -Stability: Short-term -""" - disableFeature( - feature: FeatureFlag! - ): Boolean! -""" -Disable a feature for a specific organization. -Stability: Short-term -""" - disableFeatureForOrg( - orgId: String! - feature: FeatureFlag! - ): Boolean! -""" -Disable a feature for a specific user. -Stability: Short-term -""" - disableFeatureForUser( - feature: FeatureFlag! - userId: String! - ): Boolean! -""" -Disables the schema on this organization. -Stability: Long-term -""" - disableFieldAliasSchemaOnOrg( - input: DisableFieldAliasSchemaOnOrgInput! - ): Boolean! -""" -Disables the schema on the given view or repository. -Stability: Long-term -""" - disableFieldAliasSchemaOnView( - input: DisableFieldAliasSchemaOnViewInput! - ): Boolean! -""" -Disables the schema on the given views or repositories. -Stability: Preview -""" - disableFieldAliasSchemaOnViews( - input: DisableFieldAliasSchemaOnViewsInput! - ): Boolean! -""" -Disable a filter alert. -Stability: Long-term -""" - disableFilterAlert( -""" -Data for disabling a filter alert -""" - input: DisableFilterAlert! - ): Boolean! -""" -Stability: Short-term -""" - disableLogCollectorDebugLogging: Boolean! -""" -Stability: Short-term -""" - disableLogCollectorInstanceDebugLogging( - id: String! - ): Boolean! -""" -Disable access to IOCs (indicators of compromise) for an organization. (Requires Organization Manager Permission) -Stability: Short-term -""" - disableOrganizationIocAccess( -""" -Data for disabling access to IOCs (indicators of compromise) for an organization -""" - input: DisableOrganizationIocAccess! - ): Organization! -""" -Disable a scheduled report. -Stability: Long-term -""" - disableScheduledReport( - input: DisableScheduledReportInput! - ): Boolean! -""" -Disable execution of a scheduled search. -Stability: Long-term -""" - disableScheduledSearch( -""" -Data for disabling a scheduled search -""" - input: DisableStarScheduledSearch! - ): ScheduledSearch! -""" -Disable query tracing on worker nodes for queries with the given quota key -Stability: Preview -""" - disableWorkerQueryTracing( -""" -The quota key to disable tracing for -""" - quotaKey: String! - ): Boolean! -""" -Dismiss notification for specific user, if allowed by notification type. -Stability: Long-term -""" - dismissNotification( - notificationId: String! - ): Boolean! -""" -Enable an aggregate alert. -Stability: Long-term -""" - enableAggregateAlert( -""" -Data for enabling an aggregate alert. -""" - input: EnableAggregateAlert! - ): Boolean! -""" -Enable an alert. -Stability: Long-term -""" - enableAlert( -""" -Data for enabling an alert -""" - input: EnableAlert! - ): Boolean! -""" -Enables the archiving job for the repository. -Stability: Short-term -""" - enableArchiving( - repositoryName: String! - ): BooleanResultType! -""" -Gets or create a new demo data view. -Stability: Short-term -""" - enableDemoDataForUser( - demoDataType: String! - ): View! -""" -Enables an event forwarder -Stability: Long-term -""" - enableEventForwarder( -""" -Data for enabling an event forwarder -""" - input: EnableEventForwarderInput! - ): Boolean! -""" -Enable a feature. -Stability: Short-term -""" - enableFeature( - feature: FeatureFlag! -""" -Enable feature flag regardless of verification result -""" - skipVerification: Boolean - ): Boolean! -""" -Enable a feature for a specific organization. -Stability: Short-term -""" - enableFeatureForOrg( - orgId: String! - feature: FeatureFlag! -""" -Enable feature flag regardless of verification result -""" - skipVerification: Boolean - ): Boolean! -""" -Enable a feature for a specific user. -Stability: Short-term -""" - enableFeatureForUser( - feature: FeatureFlag! - userId: String! -""" -Enable feature flag regardless of verification result -""" - skipVerification: Boolean - ): Boolean! -""" -Enables the schema on this organization. Field alias mappings in this schema will be active during search across all views and repositories within this org. -Stability: Long-term -""" - enableFieldAliasSchemaOnOrg( - input: EnableFieldAliasSchemaOnOrgInput! - ): Boolean! -""" -Enables the schema on the given list of views or repositories. -Field alias mappings in this schema will be active during search within this view or repository. -If at least one view fails to be enabled on the given view, then no changes are performed on any of the views. -Stability: Long-term -""" - enableFieldAliasSchemaOnViews( - input: EnableFieldAliasSchemaOnViewsInput! - ): Boolean! -""" -Enable a filter alert. -Stability: Long-term -""" - enableFilterAlert( -""" -Data for enabling a filter alert -""" - input: EnableFilterAlert! - ): Boolean! -""" -Stability: Short-term -""" - enableLogCollectorDebugLogging( - url: String - token: String! - level: String! - repository: String - ): Boolean! -""" -Stability: Short-term -""" - enableLogCollectorInstanceDebugLogging( - id: String! - url: String - token: String! - level: String! - repositoryName: String - ): Boolean! -""" -Enable access to IOCs (indicators of compromise) for an organization. (Requires Organization Manager Permission). -Stability: Short-term -""" - enableOrganizationIocAccess( -""" -Data for enabling access to IOCs (indicators of compromise) for an organization -""" - input: EnableOrganizationIocAccess! - ): Organization! -""" -Enable a scheduled report. -Stability: Long-term -""" - enableScheduledReport( - input: EnableScheduledReportInput! - ): Boolean! -""" -Enable execution of a scheduled search. -Stability: Long-term -""" - enableScheduledSearch( -""" -Data for enabling a scheduled search -""" - input: EnableStarScheduledSearch! - ): ScheduledSearch! -""" -Enable query tracing on worker nodes for queries with the given quota key -Stability: Preview -""" - enableWorkerQueryTracing( - input: EnableWorkerQueryTracingInputType! - ): Boolean! -""" -Extend a Cloud Trial. (Requires Root Permissions) -Stability: Short-term -""" - extendCloudTrial( - organizationId: String! - days: Int! - ): Boolean! -""" -Set the primary bucket target for the organization. -Stability: Long-term -""" - findOrCreateBucketStorageEntity( - organizationId: String! - ): Int! -""" -Configures GCS archiving for a repository. E.g. bucket. -Stability: Preview -""" - gcsConfigureArchiving( - repositoryName: String! - bucket: String! - format: ArchivingFormat! - tagOrderInName: [String!] - startFromDateTime: DateTime - ): BooleanResultType! -""" -Installs a package in a specific view. -Stability: Long-term -""" - installPackageFromRegistryV2( - InstallPackageFromRegistryInput: InstallPackageFromRegistryInput! - ): InstallPackageFromRegistryResult! -""" -Installs a package from file provided in multipart/form-data (name=file) in a specific view. -Stability: Long-term -""" - installPackageFromZip( -""" -The name of the view the package is installed in. -""" - viewName: String! -""" -Overwrite existing installed package -""" - overwrite: Boolean -""" -Ownership of the queries run by the triggers (e.g. alerts and scheduled searches) that are installed as part of this package. If value is User, ownership will be based on the calling user. -""" - queryOwnershipType: QueryOwnershipType - ): InstallPackageFromZipResult! -""" - -Stability: Short-term -""" - killQuery( - viewName: String! - pattern: String! - ): BooleanResultType! -""" -Enable a or disable language restrictions for specified version. -Stability: Preview -""" - languageRestrictionsEnable( - input: EnabledInput! - ): Boolean! -""" -Stability: Preview -""" - linkChildOrganization( - childId: String! - ): OrganizationLink! -""" -Log UI Action. -Stability: Short-term -""" - logAnalytics( - input: AnalyticsLog! - ): Boolean! -""" -Log UI Action. -Stability: Preview -""" - logAnalyticsBatch( - input: [AnalyticsLogWithTimestamp!]! - ): Boolean! -""" -Logs a service level indicator to the humio repo with #kind=frontend. -Stability: Preview -""" - logFrontendServiceLevelIndicators( - input: [ServiceLevelIndicatorLogArg!]! - ): Boolean! -""" -Logs out of a users session. -Stability: Long-term -""" - logoutOfSession: Boolean! -""" -Set a limits deleted mark -""" - markLimitDeleted( - input: MarkLimitDeletedInput! - ): Boolean! -""" -Migrate all organizations to the new Limits model (requires root). -Stability: Long-term -""" - migrateToNewLimits( - input: MigrateLimitsInput! - ): Boolean! -""" -For setting up a new Azure AD OIDC idp. Root operation. -Stability: Long-term -""" - newAzureAdOidcIdentityProvider( - name: String! - tenantId: String! - clientID: String! - clientSecret: String! - domains: [String!]! - enableDebug: Boolean - scopeClaim: String - ): OidcIdentityProvider! -""" -Create new file -Stability: Long-term -""" - newFile( - fileName: String! - name: String! - ): UploadedFileSnapshot! -""" -For setting up a new OIDC idp. Root operation. -Stability: Long-term -""" - newOIDCIdentityProvider( - input: OidcConfigurationInput! - ): OidcIdentityProvider! -""" -Stability: Long-term -""" - newSamlIdentityProvider( -""" -Optional specify the ID externally (root only) -""" - id: String - name: String! - signOnUrl: String! - idpCertificateInBase64: String! - idpEntityId: String! - domains: [String!]! - groupMembershipAttribute: String - userAttribute: String - enableDebug: Boolean -""" -Only used internal -""" - adminAttribute: String -""" -Only used internal -""" - adminAttributeMatch: String -""" -If multiple Idp's are defined the default idp is used whenever redirecting to login -""" - defaultIdp: Boolean -""" -Only used internal -""" - humioOwned: Boolean -""" -Lazy create users during login -""" - lazyCreateUsers: Boolean -""" -An alternative certificate to be used for IdP signature validation. Useful for handling certificate rollover -""" - alternativeIdpCertificateInBase64: String - ): SamlIdentityProvider! -""" -Create notification. Required permissions depends on targets. - Examples: - mutation{notify(Target:Group, ids: ["GroupId1", "GroupId2"],...)} #Notify users in group1 and group2 - mutation{notify(Target:OrgRoot, ids: ["OrgId1", "OrgId2"],...)} # Notify org roots in org1 and org2 - mutation{notify(Target:Root,...)} #Notify all root users - mutation{notify(Target:All,...)} # Notify all users - mutation{notify(Target:All,["UserId1", "UserId2", "UserId3"],...)} #Notify user 1, 2 & 3 - -Stability: Long-term -""" - notify( - input: NotificationInput! - ): Notification! -""" -Override whether feature should be rolled out. -Stability: Short-term -""" - overrideRolledOutFeatureFlag( - feature: FeatureFlag! - rollOut: Boolean! - ): Boolean! -""" -Proxy mutation through a specific organization. Root operation. -Stability: Long-term -""" - proxyOrganization( - organizationId: String! - ): Organization! -""" -Updates a log collector configuration. -Stability: Short-term -""" - publishLogCollectorConfiguration( - id: String! - yaml: String - currentVersion: Int! - ): LogCollectorConfiguration! -""" -Recover the organization with the given id. -Stability: Short-term -""" - recoverOrganization( - organizationId: String! - ): Organization! -""" -Redact events matching a certain query within a certain time interval. Returns the id of the submitted redaction task -Stability: Long-term -""" - redactEvents( - input: RedactEventsInputType! - ): String! -""" -Force a refresh of the ClusterManagementStats cache and return reasonsNodeCannotBeSafelyUnregistered for the specified node. -Stability: Preview -""" - refreshClusterManagementStats( -""" -Id of the node for which refreshed data must be retrieved. -""" - nodeId: Int! - ): RefreshClusterManagementStatsMutation! -""" -Refresh the list of regions -Stability: Short-term -""" - refreshRegions: Boolean! -""" -Remove a label from an alert. -Stability: Long-term -""" - removeAlertLabelV2( -""" -Data for removing a label from an alert -""" - input: RemoveAlertLabel! - ): Alert! -""" -Stability: Preview -""" - removeCrossOrgViewConnections( - input: RemoveCrossOrgViewConnectionsInput! - ): View! -""" -Remove a filter from a dashboard's list of filters. -Stability: Long-term -""" - removeDashboardFilter( - id: String! - filterId: String! - ): Dashboard! -""" -Remove a label from a dashboard. -Stability: Long-term -""" - removeDashboardLabel( - id: String! - label: String! - ): Dashboard! -""" -Gets or create a new demo data view. -Stability: Short-term -""" - removeDemoDataRepository( - demoDataType: String! - ): Boolean! -""" -Removes a field alias mapping to an existing schema. -Stability: Long-term -""" - removeFieldAliasMapping( - input: RemoveAliasMappingInput! - ): Boolean! -""" -Remove file -Stability: Long-term -""" - removeFile( - fileName: String! - name: String! - ): BooleanResultType! -""" -Remove an item on the query blocklist. -Stability: Long-term -""" - removeFromBlocklist( -""" -Data for removing a blocklist entry -""" - input: RemoveFromBlocklistInput! - ): Boolean! -""" -Stability: Short-term -""" - removeFromLogCollectorConfigurationTest( - configId: String! - collectorIds: [String!]! - ): FleetConfigurationTest! -""" -Disable functions for use with specified language version. -Stability: Preview -""" - removeFunctionsFromAllowList( - input: FunctionListInput! - ): Boolean! -""" -Removes the global default cache policy -Stability: Preview -""" - removeGlobalDefaultCachePolicy: Boolean! -""" -Removes a group. Only usable if roles are not managed externally, e.g. in LDAP. -Stability: Long-term -""" - removeGroup( - groupId: String! - ): RemoveGroupMutation! -""" -Remove an Ingest Token. -Stability: Long-term -""" - removeIngestToken( -""" -The name of the repository to remove the ingest token from. -""" - repositoryName: String! -""" -The name of the token to delete. -""" - name: String! - ): BooleanResultType! -""" -Remove a limit in the given organization -""" - removeLimit( - input: RemoveLimitInput! - ): Boolean! -""" -Remove a limit with id in the given organization -Stability: Short-term -""" - removeLimitWithId( - limitId: String! - ): Boolean! -""" -Stability: Long-term -""" - removeLoginBridge: Boolean! -""" -Stability: Long-term -""" - removeLoginBridgeAllowedUsers( - userID: String! - ): LoginBridge! -""" -Removes the default cache policy of the current organization. -Stability: Preview -""" - removeOrgDefaultCachePolicy: Boolean! -""" -Remove the organization with the given id (needs to be the same organization ID as the requesting user is in). -Stability: Short-term -""" - removeOrganization( - organizationId: String! - ): Boolean! -""" -Remove the bucket config for the organization. -Stability: Long-term -""" - removeOrganizationBucketConfig: Organization! -""" -Remove a parser. -""" - removeParser( - input: RemoveParserInput! - ): RemoveParserMutation! -""" -Stability: Short-term -""" - removeQueryQuotaDefaultSettings: Boolean! -""" -Stability: Short-term -""" - removeQueryQuotaUserSettings( - username: String! - ): Boolean! -""" -Removes the cache policy of a repository -Stability: Preview -""" - removeRepoCachePolicy( -""" -Data to remove a repository cache policy -""" - input: RemoveRepoCachePolicyInput! - ): Boolean! -""" -Removes a role. Only usable if roles are not managed externally, e.g. in LDAP. -Stability: Long-term -""" - removeRole( - roleId: String! - ): BooleanResultType! -""" -Remove a label from a scheduled search. -Stability: Long-term -""" - removeScheduledSearchLabel( -""" -Data for removing a label -""" - input: RemoveLabelScheduledSearch! - ): ScheduledSearch! -""" -Removes a secondary subdomain from the organization -Stability: Preview -""" - removeSecondarySubdomain( - input: RemoveSecondarySubdomainInput! - ): Organization! -""" -Temporary mutation to remove all size based retention for all organizations. -""" - removeSizeBasedRetentionForAllOrganizations: [String!]! -""" -Remove a star from an alert. -""" - removeStarFromAlertV2( -""" -Data for removing a star from an alert -""" - input: RemoveStarFromAlert! - ): Alert! -""" -Remove a star from a dashboard. -Stability: Long-term -""" - removeStarFromDashboard( - id: String! - ): Dashboard! -""" -Stability: Long-term -""" - removeStarFromField( - input: RemoveStarToFieldInput! - ): RemoveStarToFieldMutation! -""" -Remove a star from a scheduled search. -""" - removeStarFromScheduledSearch( -""" -Data for removing a star -""" - input: RemoveStarScheduledSearch! - ): ScheduledSearch! -""" -Remove a star from a repository or view. -Stability: Long-term -""" - removeStarFromSearchDomain( - name: String! - ): SearchDomain! -""" -Remove the subdomain settings for the organization. -Stability: Preview -""" - removeSubdomainSettings: Organization! -""" -Remove a user. -Stability: Long-term -""" - removeUser( - input: RemoveUserInput! - ): RemoveUserMutation! -""" -Remove a user. -Stability: Long-term -""" - removeUserById( - input: RemoveUserByIdInput! - ): RemoveUserByIdMutation! -""" -Removes users from an existing group. -Stability: Long-term -""" - removeUsersFromGroup( - input: RemoveUsersFromGroupInput! - ): RemoveUsersFromGroupMutation! -""" -Rename a dashboard. -Stability: Long-term -""" - renameDashboard( - id: String! - name: String! - ): Dashboard! -""" -Rename a Repository or View. -Stability: Long-term -""" - renameSearchDomain( -""" -Old name for Repository or View -""" - name: String! -""" -New name for Repository or View. Note that this changes the URLs for accessing the Repository or View. -""" - renameTo: String! - ): SearchDomain! -""" -Rename a Repository or View. -Stability: Long-term -""" - renameSearchDomainById( - input: RenameSearchDomainByIdInput! - ): SearchDomain! -""" -Stability: Long-term -""" - renameWidget( - id: String! - widgetId: String! - title: String! - ): Dashboard! -""" -Resend an invite to a pending user. -Stability: Long-term -""" - resendInvitation( - input: TokenInput! - ): Boolean! -""" -Resets the flight recorder settings to default for the given vhost -Stability: Preview -""" - resetFlightRecorderSettings( -""" -The vhost to change the settings for. -""" - vhost: Int! - ): Boolean! -""" -Sets the quota and rate to the given value or resets it to defaults -Stability: Long-term -""" - resetQuota( -""" -Data for resetting quota -""" - input: ResetQuotaInput! - ): Boolean! -""" -Stability: Short-term -""" - resetToFactorySettings: Account! -""" -Mark all segment files as unarchived. -Stability: Short-term -""" - restartArchiving( - repositoryName: String! - archivalKind: ArchivalKind - ): BooleanResultType! -""" -Restore a deleted search domain. -Stability: Preview -""" - restoreDeletedSearchDomain( - input: RestoreDeletedSearchDomainInput! - ): SearchDomain! -""" -Resubmit marketo lead. Requires root level privileges and an organization owner in the organization (the lead). -Stability: Long-term -""" - resubmitMarketoLead( - input: ResubmitMarketoLeadData! - ): Boolean! -""" -Revoke a pending user. Once revoked, the invitation link sent to the user becomes invalid. -Stability: Long-term -""" - revokePendingUser( - input: TokenInput! - ): Boolean! -""" -Revoke the specified session. Can be a single session, all sessions for a user or all sessions in an organization. -Stability: Long-term -""" - revokeSession( - input: RevokeSessionInput! - ): Boolean! -""" -Rollback the organization with the given id. -Stability: Short-term -""" - rollbackOrganization( - organizationId: String! - ): Boolean! -""" -Rotate a token -Stability: Long-term -""" - rotateToken( - input: RotateTokenInputData! - ): String! -""" -This is used to initiate a global consistency check on a cluster. Returns the checkId of the consistency check run -Stability: Preview -""" - runGlobalConsistencyCheck: String! -""" -Manually start the organization inconsistency job. This job will check for inconsistencies like orphaned entities, references to non-existent entities. The job can be run in a dry-run mode that only logs what would have happened. -Stability: Preview -""" - runInconsistencyCheck( - input: RunInconsistencyCheckInput! - ): String! -""" -Configures S3 archiving for a repository. E.g. bucket and region. -Stability: Short-term -""" - s3ConfigureArchiving( - repositoryName: String! - bucket: String! - region: String! - format: S3ArchivingFormat! - tagOrderInName: [String!] - startFromDateTime: DateTime - roleArn: String - ): BooleanResultType! -""" -Disables the archiving job for the repository. -Stability: Short-term -""" - s3DisableArchiving( - repositoryName: String! - ): BooleanResultType! -""" -Enables the archiving job for the repository. -Stability: Short-term -""" - s3EnableArchiving( - repositoryName: String! - ): BooleanResultType! -""" -Mark all segment files as unarchived. -Stability: Short-term -""" - s3ResetArchiving( - repositoryName: String! - archivalKind: ArchivalKind - ): BooleanResultType! -""" -Scheduled report result failed. -Stability: Long-term -""" - scheduledReportResultFailed( - input: ScheduledReportResultFailedInput! - ): Boolean! -""" -Scheduled report result succeeded. -Stability: Long-term -""" - scheduledReportResultSucceeded( - input: ScheduledReportResultSucceededInput! - ): Boolean! -""" -Set to true to allow moving existing segments between nodes to achieve a better data distribution -Stability: Short-term -""" - setAllowRebalanceExistingSegments( -""" -true if the cluster should allow moving existing segments between nodes to achieve a better data distribution -""" - allowRebalanceExistingSegments: Boolean! - ): Boolean! -""" -Set whether or not to allow updating the desired digesters automatically -Stability: Short-term -""" - setAllowUpdateDesiredDigesters( -""" -Whether or not to allow updating the desired digesters automatically -""" - allowUpdateDesiredDigesters: Boolean! - ): Boolean! -""" -Automatically search when arriving at the search page -Stability: Long-term -""" - setAutomaticSearching( - name: String! - automaticSearch: Boolean! - ): setAutomaticSearching! -""" -Set CID of provisioned organization -Stability: Short-term -""" - setCid( - cid: String! - ): Organization! -""" -Set a duration from now, until which this host will be considered alive by LogScale, even when it's offline. -""" - setConsideredAliveFor( -""" -ID of the node to consider alive. -""" - nodeID: Int! -""" -Amount of millis that the node will be considered alive for (from now). -""" - aliveForMillis: Long - ): DateTime -""" -Set a time in the future, until which this host will be considered alive by LogScale, even when it's offline. -""" - setConsideredAliveUntil( -""" -ID of the node to consider alive. -""" - nodeID: Int! -""" -Time in the future -""" - aliveUntil: DateTime - ): DateTime -""" -Mark a filter as the default for a dashboard. This filter will automatically be active when the dashboard is opened. -Stability: Long-term -""" - setDefaultDashboardFilter( - id: String! - filterId: String - ): Dashboard! -""" -Set the query that should be loaded on entering the search page in a specific view. -Stability: Long-term -""" - setDefaultSavedQuery( - input: SetDefaultSavedQueryInput! - ): BooleanResultType! -""" -Sets the digest replication factor to the supplied value -Stability: Short-term -""" - setDigestReplicationFactor( -""" -The replication factor for segments newly written to digest nodes. Applies until the segments are moved to storage nodes. -""" - digestReplicationFactor: Int! - ): Int! -""" -Set a dynamic config. Requires root level access. -Stability: Short-term -""" - setDynamicConfig( - input: DynamicConfigInputObject! - ): Boolean! -""" -Configures whether subdomains are enforced for the organization -Stability: Preview -""" - setEnforceSubdomains( - input: EnforceSubdomainsInput! - ): Organization! -""" -Save UI styling and other properties for a field. These will be used whenever that field is added to a table or event list in LogScale's UI. -Stability: Long-term -""" - setFieldConfiguration( - input: FieldConfigurationInput! - ): Boolean! -""" -Sets the global default cache policy. This policy will be applied to a repo if neither a repo or org cache policy is set. -Stability: Preview -""" - setGlobalDefaultCachePolicy( -""" -Data to set a global default cache policy -""" - input: SetGlobalDefaultCachePolicyInput! - ): Boolean! -""" -Toggle whether the specified host should be prepared for eviction from the cluster. If preparing for eviction, the cluster will attempt to move data and work away from the host. -Stability: Short-term -""" - setIsBeingEvicted( -""" -ID of the node to set the isBeingEvicted flag for. -""" - vhost: Int! -""" -Eviction flag indicating whether a node should be prepared for eviction from the cluster. -""" - isBeingEvicted: Boolean! - ): Boolean! -""" -Remove a limit in the given organization -Stability: Long-term -""" - setLimitDisplayName( - input: SetLimitDisplayNameInput! - ): Boolean! -""" -Stability: Long-term -""" - setLoginBridge( - input: LoginBridgeInput! - ): LoginBridge! -""" -Stability: Long-term -""" - setLoginBridgeTermsState( - accepted: Boolean! - ): LoginBridge! -""" -Stability: Short-term -""" - setLostCollectorDays( - days: Int - ): Boolean! -""" -Sets the percentage of all hosts relevant to a particular cluster rebalance operation that need to be alive before we allow the system to automatically execute the operation to the supplied value. Cluster rebalance operations currently include reassigning digest work, and moving existing segments to balance disk usage. -Stability: Short-term -""" - setMinHostAlivePercentageToEnableClusterRebalancing( -""" -Percentage of all hosts relevant to a particular cluster rebalance operation that need to be alive before we allow the system to automatically execute the operation. Cluster rebalance operations currently include reassigning digest work, and moving existing segments to balance disk usage. Must be between 0 and 100, both inclusive -""" - minHostAlivePercentageToEnableClusterRebalancing: Int! - ): Int! -""" -Sets the starting read offset for the given ingest partition. -Stability: Preview -""" - setOffsetForDatasourcesOnPartition( -""" -Data for setting offset for datasources on partition type. -""" - input: SetOffsetForDatasourcesOnPartitionInput! - ): Boolean! -""" -Sets the duration old object sampling will run for before dumping results and restarting -Stability: Preview -""" - setOldObjectSampleDurationMinutes( -""" -The vhost to change the setting for. -""" - vhost: Int! -""" -The duration old object sampling will run for before dumping results and restarting -""" - oldObjectSampleDurationMinutes: Long! - ): Long! -""" -Toggles the OldObjectSample event on or off -Stability: Preview -""" - setOldObjectSampleEnabled( -""" -The vhost to change the setting for. -""" - vhost: Int! -""" -true to enable the OldObjectSample event -""" - oldObjectSampleEnabled: Boolean! - ): Boolean! -""" -Sets the default cache policy of the current organization. This policy will be applied to repos within the current organizatio if a repo cache policy is set. -Stability: Preview -""" - setOrgDefaultCachePolicy( -""" -Data to set a organization default cache policy -""" - input: SetOrgDefaultCachePolicyInput! - ): Boolean! -""" -Set the primary bucket target for the organization. -Stability: Long-term -""" - setOrganizationBucket1( - targetBucketId1: String! - ): Organization! -""" -Set the secondary bucket target for the organization. -Stability: Long-term -""" - setOrganizationBucket2( - targetBucketId2: String! - ): Organization! -""" -Set the primary domain for the organization. If a primary domain is already set the existing primary domain is converted to a secondary domain -Stability: Preview -""" - setPrimarySubdomain( - input: SetPrimarySubdomainInput! - ): Organization! -""" -Sets the cache policy of a repository. -Stability: Preview -""" - setRepoCachePolicy( -""" -Data to set a repo cache policy -""" - input: SetRepoCachePolicyInput! - ): Boolean! -""" -Sets the segment replication factor to the supplied value -Stability: Short-term -""" - setSegmentReplicationFactor( -""" -replication factor for segment storage -""" - segmentReplicationFactor: Int! - ): Int! -""" -Set the subdomain settings for an organization. This overrides previously configured settings -Stability: Preview -""" - setSubdomainSettings( - input: SetSubdomainSettingsInput! - ): Organization! -""" -Set current tag groupings for a repository. -Stability: Long-term -""" - setTagGroupings( -""" -The name of the repository on which to apply the new tag groupings. -""" - repositoryName: String! -""" -The tag groupings to set for the repository. -""" - tagGroupings: [TagGroupingRuleInput!]! - ): [TagGroupingRule!]! -""" -Stability: Short-term -""" - setWantedLogCollectorVersion( - id: String! - version: String - timeOfUpdate: DateTime - ): Boolean! -""" -Star a saved query in user settings. -Stability: Long-term -""" - starQuery( - input: AddStarToQueryInput! - ): BooleanResultType! -""" -Stability: Short-term -""" - startLogCollectorConfigurationTest( - configId: String! - collectorIds: [String!]! - ): FleetConfigurationTest! -""" -Stops all running queries including streaming queries -Stability: Short-term -""" - stopAllQueries( -""" -Input to stopping queries. -""" - input: StopQueriesInput - ): Boolean! -""" -Stops all historical queries, ignores live and streaming queries -Stability: Short-term -""" - stopHistoricalQueries( -""" -Input to stopping queries. -""" - input: StopQueriesInput - ): Boolean! -""" -Stability: Short-term -""" - stopLogCollectorConfigurationTest( - configId: String! - ): FleetConfigurationTest! -""" -Stops all streaming queries -Stability: Short-term -""" - stopStreamingQueries( -""" -Input to stopping queries. -""" - input: StopQueriesInput - ): Boolean! -""" -Tests whether the Iam role is setup correctly and that there is a connection to the SQS queue. -Stability: Long-term -""" - testAwsS3SqsIngestFeed( -""" -Data for testing an ingest feed that uses AWS S3 and SQS -""" - input: TestAwsS3SqsIngestFeed! - ): Boolean! -""" -Test an email action -Stability: Long-term -""" - testEmailAction( -""" -Data for testing an email action -""" - input: TestEmailAction! - ): TestResult! -""" -Test an FDR feed. -Stability: Long-term -""" - testFdrFeed( -""" -Data for testing an FDR feed. -""" - input: TestFdrFeed! - ): TestFdrResult! -""" -Test a Humio repo action. -Stability: Long-term -""" - testHumioRepoAction( -""" -Data for testing a Humio repo action -""" - input: TestHumioRepoAction! - ): TestResult! -""" -Test that a Kafka event forwarder can connect to the specified Kafka server and topic. -Note that this may create the topic on the broker if the Kafka broker is configured to automatically create -topics. -Stability: Long-term -""" - testKafkaEventForwarderV2( -""" -Data for testing a Kafka event forwarder -""" - input: TestKafkaEventForwarder! - ): TestResult! -""" -Test an OpsGenie action. -Stability: Long-term -""" - testOpsGenieAction( -""" -Data for testing an OpsGenie action -""" - input: TestOpsGenieAction! - ): TestResult! -""" -Test a PagerDuty action. -Stability: Long-term -""" - testPagerDutyAction( -""" -Data for testing a PagerDuty action. -""" - input: TestPagerDutyAction! - ): TestResult! -""" -Test a parser on some test events. If the parser fails to run, an error is returned. Otherwise, a list of results, one for each test event, is returned. -""" - testParser( - input: TestParserInputV2! - ): TestParserResultV2! -""" -Test a parser on some test cases. -Stability: Long-term -""" - testParserV2( - input: ParserTestRunInput! - ): ParserTestRunOutput! -""" -Test a Slack action. -Stability: Long-term -""" - testSlackAction( -""" -Data for testing a Slack action. -""" - input: TestSlackAction! - ): TestResult! -""" -Test a post message Slack action. -Stability: Long-term -""" - testSlackPostMessageAction( -""" -Data for testing a post message Slack action. -""" - input: TestPostMessageSlackAction! - ): TestResult! -""" -Test an upload file action -Stability: Long-term -""" - testUploadFileAction( -""" -Data for testing an upload file action. -""" - input: TestUploadFileAction! - ): TestResult! -""" -Test a VictorOps action. -Stability: Long-term -""" - testVictorOpsAction( -""" -Data for testing a VictorOps action. -""" - input: TestVictorOpsAction! - ): TestResult! -""" -Test a webhook action. -Stability: Long-term -""" - testWebhookAction( -""" -Data for testing a webhook action. -""" - input: TestWebhookAction! - ): TestResult! -""" -Will attempt to trigger a poll on an ingest feed. -Stability: Long-term -""" - triggerPollIngestFeed( -""" -Data for trigger polling an ingest feed -""" - input: TriggerPollIngestFeed! - ): Boolean! -""" -Un-associates a token with its currently assigned parser. -Stability: Long-term -""" - unassignIngestToken( -""" -The name of the repository the ingest token belongs to. -""" - repositoryName: String! -""" -The name of the token. -""" - tokenName: String! - ): UnassignIngestTokenMutation! -""" -Removes the organization management role assigned to the group for the provided organizations. -Stability: Preview -""" - unassignOrganizationManagementRoleFromGroup( - input: UnassignOrganizationManagementRoleFromGroupInput! - ): UnassignOrganizationManagementRoleFromGroup! -""" -Removes the organization role assigned to the group. -Stability: Long-term -""" - unassignOrganizationRoleFromGroup( - input: RemoveOrganizationRoleFromGroupInput! - ): UnassignOrganizationRoleFromGroup! -""" -Removes the role assigned to the group for a given view. -Stability: Long-term -""" - unassignRoleFromGroup( - input: RemoveRoleFromGroupInput! - ): UnassignRoleFromGroup! -""" -Removes the system role assigned to the group. -Stability: Long-term -""" - unassignSystemRoleFromGroup( - input: RemoveSystemRoleFromGroupInput! - ): UnassignSystemRoleFromGroup! -""" -Unassign node tasks. Returns the set of assigned tasks after the unassign operation has completed. -Stability: Short-term -""" - unassignTasks( -""" -ID of the node to assign node tasks to. -""" - nodeID: Int! -""" -List of tasks to unassign. -""" - tasks: [NodeTaskEnum!]! - ): [NodeTaskEnum!]! -""" -Unassigns role(s) for user in the search domain. -Stability: Long-term -""" - unassignUserRoleForSearchDomain( - userId: String! - searchDomainId: String! -""" -If specified, only unassigns the role with the specified id. If not specified, unassigns all user roles for the user in the search domain. -""" - roleId: String - ): User! -""" -Unblock ingest to the specified repository. (Requires ManageCluster Permission) -Stability: Long-term -""" - unblockIngest( - repositoryName: String! - ): UnblockIngestMutation! -""" -Stability: Long-term -""" - unenrollLogCollectors( - ids: [String!] - ): [EnrolledCollector!]! -""" -Uninstalls a package from a specific view. -Stability: Long-term -""" - uninstallPackage( -""" -The id of the package to uninstall. -""" - packageId: UnversionedPackageSpecifier! -""" -The name of the view the package to uninstall is installed in. -""" - viewName: String! - ): BooleanResultType! -""" -Stability: Preview -""" - unlinkChildOrganization( - childId: String! - ): Boolean! -""" -Unset a dynamic config. Requires Manage Cluster permission. -Stability: Short-term -""" - unsetDynamicConfig( - input: UnsetDynamicConfigInputObject! - ): Boolean! -""" -Unset the secondary bucket target for the organization. -Stability: Long-term -""" - unsetOrganizationBucket2: Organization! -""" -Unstar a saved query in user settings. -Stability: Long-term -""" - unstarQuery( - input: RemoveStarFromQueryInput! - ): SavedQueryStarredUpdate! -""" -Update the action security policies for the organization -Stability: Long-term -""" - updateActionSecurityPolicies( - input: ActionSecurityPoliciesInput! - ): Organization! -""" -Update an aggregate alert. -Stability: Long-term -""" - updateAggregateAlert( -""" -Data for updating an aggregate alert. -""" - input: UpdateAggregateAlert! - ): AggregateAlert! -""" -Update an alert. -Stability: Long-term -""" - updateAlert( -""" -Data for updating an alert -""" - input: UpdateAlert! - ): Alert! -""" -Update an ingest feed, which uses AWS S3 and SQS -Stability: Long-term -""" - updateAwsS3SqsIngestFeed( -""" -Data for updating an ingest feed which uses AWS S3 with SQS. The update is a delta update. -""" - input: UpdateAwsS3SqsIngestFeed! - ): IngestFeed! -""" -Stability: Preview -""" - updateCrossOrgViewConnectionFilters( - input: UpdateCrossOrganizationViewConnectionFiltersInput! - ): View! -""" -Update a custom link interaction. -Stability: Long-term -""" - updateCustomLinkInteraction( - input: UpdateCustomLinkInteractionInput! - ): InteractionId! -""" -Update a dashboard. -Stability: Long-term -""" - updateDashboard( - input: UpdateDashboardInput! - ): UpdateDashboardMutation! -""" -Update a dashboard filter. -Stability: Long-term -""" - updateDashboardFilter( - id: String! - filterId: String! - name: String! - prefixFilter: String! - ): Dashboard! -""" -Update a dashboard link interaction. -Stability: Long-term -""" - updateDashboardLinkInteraction( - input: UpdateDashboardLinkInteractionInput! - ): InteractionId! -""" -Update a dashboard token to run as another user -Stability: Long-term -""" - updateDashboardToken( - viewId: String! -""" -Deprecated in favor of queryOwnershipType. If field is set to anything else than the calling user id, an exception will be thrown. -""" - userId: String - dashboardToken: String! -""" -Ownership of the query run by this shared dashboard. If value is User, ownership will be based on the calling user. -""" - queryOwnershipType: QueryOwnershipType - ): View! -""" -Updates the default queryprefix for a group. -Stability: Long-term -""" - updateDefaultQueryPrefix( - input: UpdateDefaultQueryPrefixInput! - ): UpdateDefaultQueryPrefixMutation! -""" -Updates the default role for a group. -Stability: Long-term -""" - updateDefaultRole( - input: UpdateDefaultRoleInput! - ): updateDefaultRoleMutation! -""" -Stability: Long-term -""" - updateDescriptionForSearchDomain( - name: String! - newDescription: String! - ): UpdateDescriptionMutation! -""" -Updates a log collector configuration. -Stability: Short-term -""" - updateDraftLogCollectorConfiguration( - id: String! - draft: String - ): LogCollectorConfiguration! -""" -Update an email action. -Stability: Long-term -""" - updateEmailAction( -""" -Data for updating an email action. -""" - input: UpdateEmailAction! - ): EmailAction! -""" -Update an event forwarding rule on a repository and return it -Stability: Long-term -""" - updateEventForwardingRule( -""" -Data for updating an event forwarding rule -""" - input: UpdateEventForwardingRule! - ): EventForwardingRule! -""" -Update an FDR feed with the supplied changes. Note that the input fields to this method, apart from `id` and `repositoryName`, only need to be supplied if the field should be changed. -Stability: Long-term -""" - updateFdrFeed( -""" -Data for updating an FDR feed. Note that the fields, apart from `id` and `repositoryName`, only need to be supplied if the field should be changed. -""" - input: UpdateFdrFeed! - ): FdrFeed! -""" -FDR feed administrator control update -Stability: Long-term -""" - updateFdrFeedControl( -""" -Data for updating the administrator control of an FDR feed. -""" - input: UpdateFdrFeedControl! - ): FdrFeedControl! -""" -Updates an alias mapping on a schema. -Stability: Long-term -""" - updateFieldAliasMapping( - input: UpdateFieldAliasMappingInput! - ): String! -""" -Updates an existing schema. -Stability: Long-term -""" - updateFieldAliasSchema( - input: UpdateFieldAliasSchemaInput! - ): FieldAliasSchema! -""" -Change file -Stability: Long-term -""" - updateFile( - fileName: String! - name: String! -""" -The rows within the offset and limit. They will overwrite all existing rows that are also within the offset and limit. -""" - changedRows: [[String!]!]! -""" -Table headers -""" - headers: [String!]! -""" -List of column changes that will be applied to all rows in the file. Ordering is important, as the first change in the list will be executed first, and the next change will be executed on the resulting rows. -""" - columnChanges: [ColumnChange!]! -""" -Used to find when to stop replacing rows, by adding the limit to the offset. If no offset is given, the file will be truncated to match the updated rows. -""" - limit: Int -""" -Starting index to replace the old rows with the updated ones. It does not take into account the header row. -""" - offset: Int - ): UploadedFileSnapshot! -""" -Update a filter alert. -Stability: Long-term -""" - updateFilterAlert( -""" -Data for updating a filter alert -""" - input: UpdateFilterAlert! - ): FilterAlert! -""" -Stability: Short-term -""" - updateFleetInstallTokenConfigId( - token: String! - configId: String - ): FleetInstallationToken! -""" -Stability: Long-term -""" - updateFleetInstallTokenName( - token: String! - name: String! - ): FleetInstallationToken! -""" -Updates the group. -Stability: Long-term -""" - updateGroup( - input: UpdateGroupInput! - ): UpdateGroupMutation! -""" -Update a LogScale repository action. -Stability: Long-term -""" - updateHumioRepoAction( -""" -Data for updating a LogScale repository action. -""" - input: UpdateHumioRepoAction! - ): HumioRepoAction! -""" -Update IP filter. -Stability: Long-term -""" - updateIPFilter( - input: IPFilterUpdateInput! - ): IPFilter! -""" -Update an ingest listener. -Stability: Long-term -""" - updateIngestListenerV3( - input: UpdateIngestListenerV3Input! - ): IngestListener! -""" -Sets the ingest partition scheme of the LogScale cluster. Requires ManageCluster permission. Be aware that the ingest partition scheme is normally automated, and changes will be overwritten by the automation. This mutation should generally not be used unless the automation is temporarily disabled. -Stability: Short-term -""" - updateIngestPartitionScheme( -""" -The list of ingest partitions. If partitions are missing in the input, they are left unchanged. -""" - partitions: [IngestPartitionInput!]! - ): BooleanResultType! -""" -Update a Kafka event forwarder and return it -Stability: Long-term -""" - updateKafkaEventForwarder( -""" -Data for updating a Kafka event forwarder -""" - input: UpdateKafkaEventForwarder! - ): KafkaEventForwarder! -""" -Update the license key for the LogScale cluster. If there is an existing license on this cluster this operation requires permission to manage cluster. -Stability: Long-term -""" - updateLicenseKey( - license: String! - ): License! -""" -Update the limit with the given name, only the arguments defined will be updated -""" - updateLimit( - input: UpdateLimitInput! - ): Boolean! -""" -Update the limit with the given name, only the arguments defined will be updated -Stability: Long-term -""" - updateLimitV2( - input: UpdateLimitInputV2! - ): LimitV2! -""" -Update a cluster connection to a local view. -Stability: Short-term -""" - updateLocalClusterConnection( -""" -Data for updating a local cluster connection -""" - input: UpdateLocalClusterConnectionInput! - ): LocalClusterConnection! -""" -Stability: Short-term -""" - updateLogCollectorConfigurationDescription( - configId: String! - description: String - ): LogCollectorConfiguration! -""" -Stability: Short-term -""" - updateLogCollectorConfigurationName( - configId: String! - name: String! - ): LogCollectorConfiguration! -""" -Stability: Short-term -""" - updateLogCollectorGroupConfigIds( - id: String! - configIds: [String!] - ): LogCollectorGroup! -""" -Stability: Short-term -""" - updateLogCollectorGroupFilter( - id: String! - filter: String - ): LogCollectorGroup! -""" -Stability: Long-term -""" - updateLogCollectorGroupName( - id: String! - name: String! - ): LogCollectorGroup! -""" -Stability: Short-term -""" - updateLogCollectorGroupWantedVersion( - id: String! - wantedVersion: String - ): LogCollectorGroup! -""" -Stability: Long-term -""" - updateLoginBridge( - input: LoginBridgeUpdateInput! - ): LoginBridge! -""" -Override the globally configured maximum number of auto shards. -Stability: Long-term -""" - updateMaxAutoShardCount( - repositoryName: String! -""" -New override value. Set to zero to remove current override. -""" - maxAutoShardCount: Int! - ): Repository! -""" -Override the globally configured maximum size of ingest requests. -Stability: Long-term -""" - updateMaxIngestRequestSize( - repositoryName: String! -""" -New override value. Set to zero to remove current override. -""" - maxIngestRequestSize: Int! - ): Repository! -""" -Stability: Long-term -""" - updateOIDCIdentityProvider( - input: UpdateOidcConfigurationInput! - ): OidcIdentityProvider! -""" -Update an OpsGenie action. -Stability: Long-term -""" - updateOpsGenieAction( -""" -Data for updating an OpsGenie action -""" - input: UpdateOpsGenieAction! - ): OpsGenieAction! -""" -For manually fixing bad references. Root operation. -Stability: Preview -""" - updateOrganizationForeignKey( - id: String! - foreignType: Organizations__ForeignType! - operation: Organizations__Operation! - ): Organization! -""" -Update information about the organization -Stability: Short-term -""" - updateOrganizationInfo( - name: String! - countryCode: String! - industry: String! - useCases: [Organizations__UseCases!]! - ): Organization! -""" -For manually updating contract limits. System operation. -Stability: Short-term -""" - updateOrganizationLimits( - input: OrganizationLimitsInput! - ): Organization! -""" -Update mutability of the organization -""" - updateOrganizationMutability( - organizationId: String! - blockIngest: Boolean! - readonly: Boolean! - ): Organization! -""" -Update a note for a given organization. Requires root. -Stability: Short-term -""" - updateOrganizationNotes( - notes: String! - ): Boolean! -""" -Update the permissions of an organization permission token. -Stability: Long-term -""" - updateOrganizationPermissionsTokenPermissions( - input: UpdateOrganizationPermissionsTokenPermissionsInput! - ): String! -""" -Update an users organizations root state -Stability: Short-term -""" - updateOrganizationRoot( - userId: String! - organizationRoot: Boolean! - ): Organization! -""" -Update the subscription of the organization. Root operation. -Stability: Short-term -""" - updateOrganizationSubscription( - input: UpdateSubscriptionInputObject! - ): Organization! -""" -Updates a package in a specific view. -Stability: Long-term -""" - updatePackageFromRegistryV2( - UpdatePackageFromRegistryInput: UpdatePackageFromRegistryInput! - ): PackageUpdateResult! -""" -Updates a package from file provided in multipart/form-data (name=file) in a specific view. -Stability: Long-term -""" - updatePackageFromZip( -""" -The name of the view the package is installed in. -""" - viewName: String! -""" -how to handle conflicts -""" - conflictResolutions: [ConflictResolutionConfiguration!]! -""" -Ownership of the queries run by the triggers (e.g. alerts and scheduled searches) that are installed as part of this package. If value is User, ownership will be based on the calling user. -""" - queryOwnershipType: QueryOwnershipType - ): BooleanResultType! -""" -Update a PagerDuty action. -Stability: Long-term -""" - updatePagerDutyAction( -""" -Data for updating a PagerDuty action -""" - input: UpdatePagerDutyAction! - ): PagerDutyAction! -""" -Update a parser. -""" - updateParser( - input: UpdateParserInput! - ): UpdateParserMutation! -""" -Update a parser. Only the provided fields are updated on the parser, and the remaining fields not provided are unchanged. -Stability: Long-term -""" - updateParserV2( - input: UpdateParserInputV2! - ): Parser! -""" -Update the viewers profile. -Stability: Long-term -""" - updateProfile( - firstName: String - lastName: String - ): Account! -""" -Updates queryprefix for a group in a view. -Stability: Long-term -""" - updateQueryPrefix( - input: UpdateQueryPrefixInput! - ): UpdateQueryPrefixMutation! -""" -Update the readonly dashboard ip filter -Stability: Long-term -""" - updateReadonlyDashboardIPFilter( - ipFilter: String - ): Boolean! -""" -Update a cluster connection to a remote view. -Stability: Short-term -""" - updateRemoteClusterConnection( -""" -Data for updating a remote cluster connection -""" - input: UpdateRemoteClusterConnectionInput! - ): RemoteClusterConnection! -""" -Change the data type of a repository. -Stability: Short-term -""" - updateRepositoryDataType( - input: UpdateRepoDataTypeInputObject! - ): Boolean! -""" -Change the limit id of a repository. -Stability: Short-term -""" - updateRepositoryLimitId( - input: UpdateRepoLimitIdInputObject! - ): Boolean! -""" -Change the type of a repository. Only useful in Cloud setups. -Stability: Long-term -""" - updateRepositoryType( - name: String! - type: String! - ): BooleanResultType! -""" -Change the usage tag of a repository. -Stability: Short-term -""" - updateRepositoryUsageTag( - name: String! - usageTag: String! - ): Boolean! -""" -Update the retention policy of a repository. -Stability: Long-term -""" - updateRetention( -""" -The name of the repository to change retention for. -""" - repositoryName: String! -""" -The maximum time (in days) to keep data. Data old than this will be deleted. -""" - timeBasedRetention: Float -""" -Sets retention (in gigabytes) based on the size of data when it arrives to LogScale, that is before parsing and compression. LogScale will keep `at most` this amount of data. -""" - ingestSizeBasedRetention: Float -""" -Sets retention (in gigabytes) based on the size of data when it is stored in LogScale, that is after parsing and compression. LogScale will keep `at most` this amount of data. -""" - storageSizeBasedRetention: Float -""" -Sets time (in days) to keep backups before they are deleted. -""" - timeBasedBackupRetention: Float - ): UpdateRetentionMutation! -""" -Stability: Long-term -""" - updateRole( - input: UpdateRoleInput! - ): UpdateRoleMutation! -""" -Stability: Long-term -""" - updateSamlIdentityProvider( - id: String! - name: String! - signOnUrl: String! - idpCertificateInBase64: String! - idpEntityId: String! - domains: [String!]! - groupMembershipAttribute: String - userAttribute: String - enableDebug: Boolean -""" -Only used internal -""" - adminAttribute: String -""" -Only used internal -""" - adminAttributeMatch: String -""" -If multiple Idp's are defined the default idp is used whenever redirecting to login -""" - defaultIdp: Boolean -""" -Only used internal -""" - humioOwned: Boolean -""" -Lazy create users during login -""" - lazyCreateUsers: Boolean -""" -An alternative certificate to be used for IdP signature validation. Useful for handling certificate rollover -""" - alternativeIdpCertificateInBase64: String - ): SamlIdentityProvider! -""" -Updates a saved query. -Stability: Long-term -""" - updateSavedQuery( - input: UpdateSavedQueryInput! - ): UpdateSavedQueryPayload! -""" -Update a scheduled report. Only the supplied property values are updated. -Stability: Long-term -""" - updateScheduledReport( - input: UpdateScheduledReportInput! - ): ScheduledReport! -""" -Update a scheduled search. -""" - updateScheduledSearch( -""" -Data for updating a scheduled search -""" - input: UpdateScheduledSearch! - ): ScheduledSearch! -""" -Update a scheduled search. -Stability: Long-term -""" - updateScheduledSearchV2( -""" -Data for updating a scheduled search -""" - input: UpdateScheduledSearchV2! - ): ScheduledSearch! -""" -Update a search link interaction. -Stability: Long-term -""" - updateSearchLinkInteraction( - input: UpdateSearchLinkInteractionInput! - ): InteractionId! -""" -Update session settings for the organization. -Stability: Short-term -""" - updateSessionSettings( - input: SessionInput! - ): Organization! -""" -Set flags for UI states and help messages. -Stability: Preview -""" - updateSettings( - isWelcomeMessageDismissed: Boolean - isGettingStartedMessageDismissed: Boolean - isCommunityMessageDismissed: Boolean - isPackageDocsMessageDismissed: Boolean - isEventListOrderedWithNewestAtBottom: Boolean - isFieldPanelOpenByDefault: Boolean - automaticallySearch: Boolean - automaticallyHighlighting: Boolean - uiTheme: UiTheme - isDarkModeMessageDismissed: Boolean - isResizableQueryFieldMessageDismissed: Boolean - featureAnnouncementsToDismiss: [FeatureAnnouncement!] - defaultTimeZone: String - ): UserSettings! -""" -Update the shared dashboards security policies for the organization. Updating the policies will update or delete all existing tokens that do not fit into the changes. For instance, enforcing an IP filter will set the IP filter on all shared dashboard tokens. Disabling shared dashboard tokens, will delete all shared dashboard tokens. -Stability: Long-term -""" - updateSharedDashboardsSecurityPolicies( - input: SharedDashboardsSecurityPoliciesInput! - ): Organization! -""" -Update a Slack action. -Stability: Long-term -""" - updateSlackAction( -""" -Data for updating a Slack action -""" - input: UpdateSlackAction! - ): SlackAction! -""" -Update a post-message Slack action. -Stability: Long-term -""" - updateSlackPostMessageAction( -""" -Data for updating a post-message Slack action -""" - input: UpdatePostMessageSlackAction! - ): SlackPostMessageAction! -""" -Update the social login options for the organization -Stability: Preview -""" - updateSocialLoginSettings( - input: [SocialLoginSettingsInput!]! - ): Organization! -""" -Update the permissions of a system permission token. -Stability: Long-term -""" - updateSystemPermissionsTokenPermissions( - input: UpdateSystemPermissionsTokenPermissionsInput! - ): String! -""" -Update the token security policies for the organization. Updating the policies will update or delete all existing tokens that do not fit into the changes. For instance, enforcing an IP filter for personal user tokens will set the IP filter on all tokens of that type. Disabling a token type, will delete all tokens of that type. Finally setting an enforce expiration after will set that on all tokens that are above the interval and keep their current expiration if inside the interval. Tokens below the expiration will be deleted. -Stability: Long-term -""" - updateTokenSecurityPolicies( - input: TokenSecurityPoliciesInput! - ): Organization! -""" -Update an upload file action. -Stability: Long-term -""" - updateUploadFileAction( -""" -Data for updating an upload file action. -""" - input: UpdateUploadFileAction! - ): UploadFileAction! -""" -Updates a user. Requires Root Permission. -Stability: Long-term -""" - updateUser( - input: AddUserInput! - ): UpdateUserMutation! -""" -Updates a user. -Stability: Long-term -""" - updateUserById( - input: UpdateUserByIdInput! - ): UpdateUserByIdMutation! -""" -Update user default settings for the organization. -Stability: Short-term -""" - updateUserDefaultSettings( - input: UserDefaultSettingsInput! - ): Organization! -""" -Update a VictorOps action. -Stability: Long-term -""" - updateVictorOpsAction( -""" -Data for updating a VictorOps action. -""" - input: UpdateVictorOpsAction! - ): VictorOpsAction! -""" -Update a view. -Stability: Long-term -""" - updateView( - viewName: String! - connections: [ViewConnectionInput!]! - ): View! -""" -Update the permissions of a view permission token. -Stability: Long-term -""" - updateViewPermissionsTokenPermissions( - input: UpdateViewPermissionsTokenPermissionsInput! - ): String! -""" -Update a webhook action. -Stability: Long-term -""" - updateWebhookAction( -""" -Data for updating a webhook action -""" - input: UpdateWebhookAction! - ): WebhookAction! -""" -Upgrade the account. -Stability: Long-term -""" - upgradeAccount( - input: UpgradeAccountData! - ): Boolean! -} - -""" -This authentication type can be used to use LogScale without authentication. This should only be considered for testing and development purposes, it is not recommended for production systems and prevents LogScale from doing proper Audit Logging. -""" -type NoAuthentication implements AuthenticationMethod{ -""" -Stability: Preview -""" - name: String! -} - -""" -A widget get text, links, etc. -""" -type NoteWidget implements Widget{ -""" -Stability: Long-term -""" - backgroundColor: String -""" -Stability: Long-term -""" - textColor: String -""" -Stability: Long-term -""" - text: String! -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - title: String! -""" -Stability: Long-term -""" - description: String -""" -Stability: Long-term -""" - x: Int! -""" -Stability: Long-term -""" - y: Int! -""" -Stability: Long-term -""" - width: Int! -""" -Stability: Long-term -""" - height: Int! -} - -input NotificationInput { - message: String! - target: Targets! - ids: [String!] - title: String! - dismissable: Boolean! - severity: NotificationSeverity! - link: String - linkDescription: String - notificationType: NotificationTypes! -} - -""" -Authentication through OAuth Identity Providers. -""" -type OAuthAuthentication implements AuthenticationMethod{ -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - uiLoginFlow: Boolean! -""" -Stability: Long-term -""" - google: OAuthProvider -""" -Stability: Long-term -""" - github: OAuthProvider -""" -Stability: Long-term -""" - bitbucket: OAuthProvider -""" -Stability: Long-term -""" - oidc: OIDCProvider -} - -""" -An OAuth Identity Provider. -""" -type OAuthProvider { -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - clientId: String! -""" -Stability: Long-term -""" - redirectUrl: String! -} - -""" -An OIDC identity provider -""" -type OIDCProvider { -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - clientId: String! -""" -Stability: Long-term -""" - redirectUrl: String! -""" -Stability: Long-term -""" - authorizationEndpoint: String -""" -Stability: Long-term -""" - serviceName: String -""" -Stability: Long-term -""" - scopes: [String!]! -""" -Stability: Long-term -""" - federatedIdp: String -} - -enum ObjectAction { - Unknown - ReadOnlyAndHidden - ReadWriteAndVisible -} - -input OidcConfigurationInput { - name: String! - clientID: String! - clientSecret: String! - issuer: String! - tokenEndpointAuthMethod: String! - authorizationEndpoint: String! - tokenEndpoint: String - userInfoEndpoint: String - registrationEndpoint: String - groupsClaim: String - JWKSEndpoint: String - domains: [String!]! - scopes: [String!]! - userClaim: String - enableDebug: Boolean! - defaultIdp: Boolean - humioOwned: Boolean - lazyCreateUsers: Boolean - federatedIdp: String - scopeClaim: String -} - -type OidcIdentityProviderAuth implements AuthenticationMethodAuth{ -""" -Stability: Long-term -""" - redirectUrl: String! -""" -Stability: Long-term -""" - authType: String! -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - scopes: [String!]! -""" -Stability: Long-term -""" - serviceName: String! -""" -Stability: Long-term -""" - authorizeEndpoint: String! -""" -Stability: Long-term -""" - clientId: String! -""" -Stability: Long-term -""" - federatedIdp: String -} - -""" -Represents information about a LogScale License. -""" -type OnPremLicense implements License{ -""" -The time at which the license expires. -Stability: Long-term -""" - expiresAt: DateTime! -""" -The time at which the license was issued. -Stability: Long-term -""" - issuedAt: DateTime! -""" -license id. -Stability: Long-term -""" - uid: String! -""" -The maximum number of user accounts allowed in LogScale. Unlimited if undefined. -Stability: Long-term -""" - maxUsers: Int -""" -The name of the entity the license was issued to. -Stability: Long-term -""" - owner: String! -""" -Indicates whether the license allows running LogScale as a SaaS platform. -Stability: Long-term -""" - isSaaS: Boolean! -""" -Indicates whether the license is an OEM license. -Stability: Long-term -""" - isOem: Boolean! -} - -""" -An OpsGenie action -""" -type OpsGenieAction implements Action{ -""" -OpsGenie webhook url to send the request to. -Stability: Long-term -""" - apiUrl: String! -""" -Key to authenticate with OpsGenie. -Stability: Long-term -""" - genieKey: String! -""" -Defines whether the action should use the configured proxy to make web requests. -Stability: Long-term -""" - useProxy: Boolean! -""" -The name of the action. -Stability: Long-term -""" - name: String! -""" -The display name of the action. -Stability: Long-term -""" - displayName: String! -""" -The id of the action. -Stability: Long-term -""" - id: String! -""" -A template that can be used to recreate the action. -Stability: Long-term -""" - yamlTemplate: YAML! -""" -Stability: Long-term -""" - packageId: VersionedPackageSpecifier -""" -The package, if any, which the action is part of. -Stability: Long-term -""" - package: PackageInstallation -""" -False if this type of action is disabled because of a security policy, true otherwise -Stability: Long-term -""" - isAllowedToRun: Boolean! -""" -True if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. -Stability: Long-term -""" - requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! -""" -Allowed asset actions -Stability: Preview -""" - allowedActions: [AssetAction!]! -""" -The resource identifier for this action. -Stability: Short-term -""" - resource: String! -} - -input OrganizationLimitsInput { - ingest: Long! - retention: Int! - users: Int! - expiration: Long! - allowSelfService: Boolean - contractVersion: Organizations__ContractVersion -} - -""" -A link between two organizations -""" -type OrganizationLink { -""" -Stability: Preview -""" - parentOrganization: Organization! -""" -Stability: Preview -""" - childOrganization: Organization! -} - -""" -Query running with organization based ownership -""" -type OrganizationOwnership implements QueryOwnership{ -""" -Organization owning and running the query -Stability: Long-term -""" - organization: Organization! -""" -Id of organization owning and running the query -Stability: Long-term -""" - id: String! -} - -""" -Organization permissions token. The token allows the caller to work with organization-level permissions. -""" -type OrganizationPermissionsToken implements Token{ -""" -The set of permissions on the token -Stability: Long-term -""" - permissions: [String!]! -""" -The id of the token. -Stability: Long-term -""" - id: String! -""" -The name of the token. -Stability: Long-term -""" - name: String! -""" -The time at which the token expires. -Stability: Long-term -""" - expireAt: Long -""" -The ip filter on the token. -Stability: Long-term -""" - ipFilter: String -""" -The ip filter on the token. -Stability: Long-term -""" - ipFilterV2: IPFilter -""" -The date the token was created. -Stability: Long-term -""" - createdAt: Long! -} - -enum Organizations__ContractualType { - Limited - Unlimited - Ignored -} - -enum Organizations__ForeignType { - Unknown - Role - Group - Idp - View - User -} - -enum Organizations__Operation { - Remove - Add -} - -""" -An event produced by a parser in a test run -""" -type OutputEvent { -""" -The fields of the event -Stability: Long-term -""" - fields: [EventField!]! -} - -type PackageUpdateResult { -""" -Stability: Long-term -""" - package: Package2! -} - -""" -A PagerDuty action. -""" -type PagerDutyAction implements Action{ -""" -Severity level to give to the message. -Stability: Long-term -""" - severity: String! -""" -Routing key to authenticate with PagerDuty. -Stability: Long-term -""" - routingKey: String! -""" -Defines whether the action should use the configured proxy to make web requests. -Stability: Long-term -""" - useProxy: Boolean! -""" -The name of the action. -Stability: Long-term -""" - name: String! -""" -The display name of the action. -Stability: Long-term -""" - displayName: String! -""" -The id of the action. -Stability: Long-term -""" - id: String! -""" -A template that can be used to recreate the action. -Stability: Long-term -""" - yamlTemplate: YAML! -""" -Stability: Long-term -""" - packageId: VersionedPackageSpecifier -""" -The package, if any, which the action is part of. -Stability: Long-term -""" - package: PackageInstallation -""" -False if this type of action is disabled because of a security policy, true otherwise -Stability: Long-term -""" - isAllowedToRun: Boolean! -""" -True if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. -Stability: Long-term -""" - requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! -""" -Allowed asset actions -Stability: Preview -""" - allowedActions: [AssetAction!]! -""" -The resource identifier for this action. -Stability: Short-term -""" - resource: String! -} - -input ParameterFilePropertiesInput { - fileName: String! - valueColumn: String! - labelColumn: String - valueFilters: [ParameterFileValueFilter!]! - invalidInputPatterns: [String!] - invalidInputMessage: String -} - -input ParameterFileValueFilter { - field: String! - values: [String!]! -} - -input ParameterFixedListOption { - label: String! - value: String! -} - -input ParameterFixedListPropertiesInput { - values: [ParameterFixedListOption!]! -} - -input ParameterFreeTextPropertiesInput { - invalidInputPatterns: [String!] - invalidInputMessage: String -} - -input ParameterInput { - id: String! - label: String! - defaultValue: String - order: Int - width: Int - freeTextOptions: ParameterFreeTextPropertiesInput - queryOptions: ParameterQueryPropertiesInput - fixedListOptions: ParameterFixedListPropertiesInput - fileOptions: ParameterFilePropertiesInput - isMultiParam: Boolean - defaultMultiValues: [String!] -} - -""" -A widget that contains dashboard parameters. -""" -type ParameterPanel implements Widget{ -""" -Stability: Long-term -""" - parameterIds: [String!]! -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - title: String! -""" -Stability: Long-term -""" - description: String -""" -Stability: Long-term -""" - x: Int! -""" -Stability: Long-term -""" - y: Int! -""" -Stability: Long-term -""" - width: Int! -""" -Stability: Long-term -""" - height: Int! -} - -input ParameterQueryPropertiesInput { - queryString: String! - timeWindow: String! - optionValueField: String! - optionLabelField: String! - useDashboardTimeIfSet: Boolean! - invalidInputPatterns: [String!] - invalidInputMessage: String -} - -""" -The specification of a parameter -""" -input ParameterSpecificationInput { -""" -The specification of a parameter -""" - name: String! -""" -The specification of a parameter -""" - parameterType: ParameterTypeEnum! -""" -The specification of a parameter -""" - minLong: Long -""" -The specification of a parameter -""" - maxLong: Long -""" -The specification of a parameter -""" - minDouble: Float -""" -The specification of a parameter -""" - maxDouble: Float -""" -The specification of a parameter -""" - minLength: Int -""" -The specification of a parameter -""" - defaultValue: [String!] -} - -""" -The result of parsing a single test event -""" -type ParseEventResult { -""" -The status of parsing the test event -""" - status: ParseEventStatus! -""" -A potential error message -""" - errorMessage: String -""" -The parsed events. Can be empty if the test was dropped by the parser or contain one or more events -""" - events: [ParsedEvent!]! -} - -""" -Staus of parsing a test event -""" -enum ParseEventStatus { -""" -The event was parsed successfully -""" - success -""" -There was an error parsing the event -""" - parseError -""" -There was an error extracting a timestamp from the event -""" - timestampError -} - -""" -A parsed event -""" -type ParsedEvent { -""" -The fields of the event -""" - fields: [Field!]! -} - -""" -Assertions on the shape of a given test case output event. It is a key-pair value, where the index of the output event is the key, and the assertions are the value. -""" -input ParserTestCaseAssertionsForOutputInput { -""" -Assertions on the shape of a given test case output event. It is a key-pair value, where the index of the output event is the key, and the assertions are the value. -""" - outputEventIndex: Int! -""" -Assertions on the shape of a given test case output event. It is a key-pair value, where the index of the output event is the key, and the assertions are the value. -""" - assertions: ParserTestCaseOutputAssertionsInput! -} - -""" -Contains any test failures that relates to a specific output event. This is a key-value pair, where the index of the output event is the key, and the failures are the value. -""" -type ParserTestCaseFailuresForOutput { -""" -The index of the output event which these failures pertain to. Note that there may be failures pointing to non-existing output events, if e.g. an assertion was made on an output event which was not produced. -Stability: Long-term -""" - outputEventIndex: Int! -""" -Failures for the output event. -Stability: Long-term -""" - failures: ParserTestCaseOutputFailures! -} - -""" -A test case for a parser. -""" -input ParserTestCaseInput { -""" -A test case for a parser. -""" - event: ParserTestEventInput! -""" -A test case for a parser. -""" - outputAssertions: [ParserTestCaseAssertionsForOutputInput!] -} - -""" -Assertions on the shape of a given test case output event. -""" -input ParserTestCaseOutputAssertionsInput { -""" -Assertions on the shape of a given test case output event. -""" - fieldsNotPresent: [String!] -""" -Assertions on the shape of a given test case output event. -""" - fieldsHaveValues: [FieldHasValueInput!] -} - -""" -Failures for an output event. -""" -type ParserTestCaseOutputFailures { -""" -Any errors produced by the parser when creating an output event. -Stability: Long-term -""" - parsingErrors: [String!]! -""" -Any assertion failures on the given output event. Note that all assertion failures can be uniquely identified by the output event index and the field name they operate on. -Stability: Long-term -""" - assertionFailuresOnFields: [AssertionFailureOnField!]! -""" -Fields where the name begins with `#` even though they are not a tag. In LogScale, field names beginning with `#` are treated specially, and should only be constructed through the tagging mechanism. Fields which do begin with `#`, but are not proper tags, will be effectively unsearchable. -Stability: Preview -""" - falselyTaggedFields: [String!]! -""" -Any arrays with gaps in them. That is, if the fields `a[0]` and `a[2]` exist on an event, but not `a[1]`, we consider the array `a` to have a gap. This means LogScale will not include the `a[2]` field when doing array-based searches, since it considers `a[0]` to be the last element of the array. -Stability: Preview -""" - arraysWithGaps: [ArrayWithGap!]! -""" -Returns violations of a schema, given that a schema has been provided in the request. -Stability: Preview -""" - schemaViolations: [SchemaViolation!]! -} - -""" -The output for parsing and verifying a test case -""" -type ParserTestCaseResult { -""" -The events produced by the parser. Contains zero to many events, as a parser can both drop events, or produce multiple output events from a single input. -Stability: Long-term -""" - outputEvents: [OutputEvent!]! -""" -Any failures produced during testing. If the list is empty, the test case can be considered to have passed. If the list contains elements, they are key-value pairs to be treated as a map-construct, where the index of the output event is the key, and the failures are the value. -Stability: Long-term -""" - outputFailures: [ParserTestCaseFailuresForOutput!]! -} - -""" -An event for a parser to parse during testing. -""" -input ParserTestEventInput { -""" -An event for a parser to parse during testing. -""" - rawString: String! -} - -""" -A parser test result, where an unexpected error occurred during parsing. -""" -type ParserTestRunAborted { -""" -Stability: Long-term -""" - errorMessage: String! -} - -""" -A parser test result, where all test cases were parsed and assertions run. Each result is given in the same order as the test cases were put in, so they can be matched by index. -""" -type ParserTestRunCompleted { -""" -The results for running each test case. -Stability: Long-term -""" - results: [ParserTestCaseResult!]! -} - -""" -Input for testing a parser -""" -input ParserTestRunInput { -""" -Input for testing a parser -""" - repositoryName: RepoOrViewName! -""" -Input for testing a parser -""" - parserName: String! -""" -Input for testing a parser -""" - script: String! -""" -Input for testing a parser -""" - fieldsToTag: [String!]! -""" -Input for testing a parser -""" - fieldsToBeRemovedBeforeParsing: [String!]! -""" -Input for testing a parser -""" - testCases: [ParserTestCaseInput!]! -""" -Input for testing a parser -""" - languageVersion: LanguageVersionInputType -""" -Input for testing a parser -""" - schema: YAML -} - -""" -The output of running all the parser test cases. -""" -union ParserTestRunOutput =ParserTestRunCompleted | ParserTestRunAborted - -input PermissionAssignmentInputType { - actor: ActorInput! - resource: String! - permissionSet: PermissionSetInput! - queryPrefix: String -} - -input PermissionSetInput { - permissionSetType: PermissionSetType! - values: [String!]! -} - -""" -The different ways to specify a set of permissions. -""" -enum PermissionSetType { -""" -Permission set is expressed directly as a list of permissions -""" - Direct -""" -Permission set is expressed as a list of role Ids -""" - RoleId -""" -Permission set is expressed as a list of role names each matching one of values defined in the ReadonlyDefaultRole enum. -""" - ReadonlyDefaultRole -} - -enum Purposes { - MSP - ITOps - IOT - SecOps - DevOps -} - -""" -A dashboard parameter where suggestions are sourced from query results from LogScale. -""" -type QueryBasedDashboardParameter implements DashboardParameter{ -""" -The LogScale query executed to find suggestions for the parameter value. -Stability: Long-term -""" - queryString: String! -""" -The time window (relative to now) in which LogScale will search for suggestions. E.g. 24h or 30d. -Stability: Long-term -""" - timeWindow: String! -""" -The field in the result set used as the 'value' of the suggestions. -Stability: Long-term -""" - optionValueField: String! -""" -The field in the result set used as the 'label' (the text in the dropdown) of the suggestions. -Stability: Long-term -""" - optionLabelField: String! -""" -If true, the parameters search time window will automatically change to match the dashboard's global time when active. -Stability: Long-term -""" - useDashboardTimeIfSet: Boolean! -""" -Regex patterns used to block parameter input. -Stability: Long-term -""" - invalidInputPatterns: [String!] -""" -Message when parameter input is blocked. -Stability: Long-term -""" - invalidInputMessage: String -""" -The ID of the parameter. -Stability: Long-term -""" - id: String! -""" -The label or 'name' displayed next to the input for the variable to make it more human-readable. -Stability: Long-term -""" - label: String! -""" -The value assigned to the parameter on dashboard load, if no other value is specified. -Stability: Long-term -""" - defaultValueV2: String -""" -A number that determines the order in which parameters are displayed on a dashboard. If null, the parameter is ordered after other parameters in alphanumerical order. -Stability: Long-term -""" - order: Int -""" -A number that determines the width of a parameter. -Stability: Long-term -""" - width: Int -} - -""" -A widget with a visualization of a query result. -""" -type QueryBasedWidget implements Widget{ -""" -Stability: Long-term -""" - queryString: String! -""" -Stability: Long-term -""" - start: String! -""" -Stability: Long-term -""" - end: String! -""" -Stability: Long-term -""" - isLive: Boolean! -""" -Stability: Long-term -""" - widgetType: String! -""" -An optional JSON value containing styling and other settings for the widget. This is solely used by the UI. -Stability: Long-term -""" - options: JSON -""" -Stability: Long-term -""" - interactions: [QueryBasedWidgetInteraction!]! -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - title: String! -""" -Stability: Long-term -""" - description: String -""" -Stability: Long-term -""" - x: Int! -""" -Stability: Long-term -""" - y: Int! -""" -Stability: Long-term -""" - width: Int! -""" -Stability: Long-term -""" - height: Int! -} - -""" -The type of query ownership -""" -enum QueryOwnershipType { -""" -Queries run on behalf of user -""" - User -""" -Queries run on behalf of the organization -""" - Organization -} - -""" -The target type to select -""" -enum QueryOwnership_SelectionTargetType { -""" -A single trigger or shared dashboard -""" - PersistentQuery -""" -All triggers and shared dashboard connected to this view -""" - View -""" -All triggers and shared dashboards within the organization -""" - Organization -} - -""" -Default Query Quota Settings for users which have not had specific settings assigned -""" -type QueryQuotaDefaultSettings { -""" -List of the rules that apply -Stability: Short-term -""" - settings: [QueryQuotaIntervalSetting!]! -} - -input QueryQuotaDefaultSettingsInput { - settings: [QueryQuotaIntervalSettingInput!]! -} - -input QueryQuotaIntervalSettingInput { - interval: QueryQuotaInterval! - measurementKind: QueryQuotaMeasurementKind! - value: Long - valueKind: QueryQuotaIntervalSettingKind! -} - -input QueryQuotaUserSettingsInput { - username: String! - settings: [QueryQuotaIntervalSettingInput!]! -} - -input RedactEventsInputType { - repositoryName: String! - start: DateTime! - end: DateTime! - query: String! - userMessage: String -} - -type RefreshClusterManagementStatsMutation { -""" -Stability: Preview -""" - reasonsNodeCannotBeSafelyUnregistered: ReasonsNodeCannotBeSafelyUnregistered! -} - -""" -A remote cluster connection. -""" -type RemoteClusterConnection implements ClusterConnection{ -""" -Public URL of the remote cluster to connect with -Stability: Short-term -""" - publicUrl: String! -""" -Id of the connection -Stability: Short-term -""" - id: String! -""" -Cluster identity of the connection -Stability: Short-term -""" - clusterId: String! -""" -Cluster connection tags -Stability: Short-term -""" - tags: [ClusterConnectionTag!]! -""" -Cluster connection query prefix -Stability: Short-term -""" - queryPrefix: String! -} - -""" -Data for removing a label from an alert -""" -input RemoveAlertLabel { -""" -Data for removing a label from an alert -""" - viewName: String! -""" -Data for removing a label from an alert -""" - id: String! -""" -Data for removing a label from an alert -""" - label: String! -} - -""" -Input object for field removeFieldAliasMapping -""" -input RemoveAliasMappingInput { -""" -Input object for field removeFieldAliasMapping -""" - schemaId: String! -""" -Input object for field removeFieldAliasMapping -""" - aliasMappingId: String! -} - -input RemoveCrossOrgViewConnectionModel { - repoName: String! - organizationId: String! -} - -input RemoveCrossOrgViewConnectionsInput { - name: String! - connectionsToRemove: [RemoveCrossOrgViewConnectionModel!]! -} - -""" -Data for removing a blocklist entry -""" -input RemoveFromBlocklistInput { -""" -Data for removing a blocklist entry -""" - id: String! -} - -type RemoveGroupMutation { -""" -Stability: Long-term -""" - group: Group! -} - -""" -Data for removing a label -""" -input RemoveLabelScheduledSearch { -""" -Data for removing a label -""" - viewName: String! -""" -Data for removing a label -""" - id: String! -""" -Data for removing a label -""" - label: String! -} - -input RemoveLimitInput { - limitName: String! -} - -input RemoveOrganizationRoleFromGroupInput { - groupId: String! - roleId: String! -} - -input RemoveParserInput { - id: String! - repositoryName: String! -} - -type RemoveParserMutation { -""" -Stability: Long-term -""" - parser: Parser! -} - -""" -Data to remove a repository cache policy -""" -input RemoveRepoCachePolicyInput { -""" -Data to remove a repository cache policy -""" - repositoryName: String! -} - -input RemoveRoleFromGroupInput { - viewId: String! - groupId: String! - roleId: String! -} - -input RemoveSecondarySubdomainInput { - subdomain: String! -} - -""" -Data for removing a star from an alert -""" -input RemoveStarFromAlert { -""" -Data for removing a star from an alert -""" - viewName: String! -""" -Data for removing a star from an alert -""" - id: String! -} - -input RemoveStarFromQueryInput { - savedQueryId: String! - searchDomainName: String! -} - -""" -Data for removing a star -""" -input RemoveStarScheduledSearch { -""" -Data for removing a star -""" - viewName: String! -""" -Data for removing a star -""" - id: String! -} - -input RemoveStarToFieldInput { - fieldName: String! - searchDomainName: String! -} - -type RemoveStarToFieldMutation { -""" -Stability: Long-term -""" - starredFields: [String!]! -} - -input RemoveSystemRoleFromGroupInput { - groupId: String! - roleId: String! -} - -input RemoveUserByIdInput { - id: String! -} - -type RemoveUserByIdMutation { -""" -Stability: Long-term -""" - user: User! -} - -input RemoveUserInput { - username: String! -} - -type RemoveUserMutation { -""" -Stability: Long-term -""" - user: User! -} - -input RemoveUsersFromGroupInput { - users: [String!]! - groupId: String! -} - -type RemoveUsersFromGroupMutation { -""" -Stability: Long-term -""" - group: Group! -} - -input RenameSearchDomainByIdInput { - id: String! - newName: String! - renameMessage: String -} - -input RepoFilterInput { - name: String! - filter: String! -} - -""" -Data for a reported warning or error. -""" -input ReportErrorInput { -""" -Data for a reported warning or error. -""" - errorType: String! -""" -Data for a reported warning or error. -""" - errorMessage: String! -} - -""" -Data for resetting quota -""" -input ResetQuotaInput { -""" -Data for resetting quota -""" - newQuota: Long -""" -Data for resetting quota -""" - newRate: Long -} - -input RestoreDeletedSearchDomainInput { - id: String! - fallbackLimitId: String -} - -input ResubmitMarketoLeadData { - utmParams: UtmParams - zip: String -} - -input RevokeSessionInput { - id: String! - revocationType: SessionRevocation__Type! -} - -input RotateTokenInputData { - id: String! -} - -input RunInconsistencyCheckInput { - dryRun: Boolean! -} - -""" -This authentication type implements the SAML 2.0 Web Browser SSO Profile. -""" -type SAMLAuthentication implements AuthenticationMethod{ -""" -Stability: Long-term -""" - name: String! -} - -type SamlIdentityProviderAuth implements AuthenticationMethodAuth{ -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - authType: String! -} - -type SavedQueryIsStarred { -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - isStarred: Boolean! -} - -type SavedQueryStarredUpdate { -""" -Stability: Long-term -""" - savedQuery: SavedQueryIsStarred! -} - -""" -Data for reporting a failed report generation attempt. -""" -input ScheduledReportResultFailedInput { -""" -Data for reporting a failed report generation attempt. -""" - reportErrors: [ReportErrorInput!]! -} - -""" -Data for reporting a successful report generation attempt. -""" -input ScheduledReportResultSucceededInput { -""" -Data for reporting a successful report generation attempt. -""" - filename: String! -} - -input SchemaFieldInput { - name: String! - description: String -} - -""" -Violations detected against the provided schema -""" -type SchemaViolation { -""" -The name of the field on which the violation was detected -Stability: Preview -""" - fieldName: String! -""" -Error message for the violation -Stability: Preview -""" - errorMessage: String! -} - -input SearchLinkInteractionInput { - name: String! - titleTemplate: String - repoOrViewName: RepoOrViewName - queryString: String! - isLive: Boolean! - arguments: [ArgumentInput!]! - openInNewTab: Boolean! - useWidgetTimeWindow: Boolean! - fieldInteractionConditions: [FieldInteractionConditionInput!] -} - -input SectionInput { - id: String! - title: String - description: String - collapsed: Boolean! - timeSelector: TimeIntervalInput - widgetIds: [String!]! - order: Int! -} - -input SeriesConfigInput { - name: String! - title: String - color: String -} - -input ServiceLevelIndicatorLogArg { - frontendVersion: String! - content: JSON! -} - -input SessionInput { - maxInactivityPeriod: Long! - forceReauthenticationAfter: Long! -} - -enum SessionRevocation__Type { - Organization - User - Session -} - -input SetDefaultSavedQueryInput { - savedQueryId: String - viewName: String! -} - -""" -Data to set a global default cache policy -""" -input SetGlobalDefaultCachePolicyInput { -""" -Data to set a global default cache policy -""" - policy: CachePolicyInput! -} - -input SetLimitDisplayNameInput { - limitName: String! - displayName: String -} - -""" -Data for setting offset for datasources on partition type. -""" -input SetOffsetForDatasourcesOnPartitionInput { -""" -Data for setting offset for datasources on partition type. -""" - offset: Long! -""" -Data for setting offset for datasources on partition type. -""" - partition: Int! -} - -""" -Data to set a organization default cache policy -""" -input SetOrgDefaultCachePolicyInput { -""" -Data to set a organization default cache policy -""" - policy: CachePolicyInput! -} - -input SetPrimarySubdomainInput { - subdomain: String! -} - -""" -Data to set a repo cache policy -""" -input SetRepoCachePolicyInput { -""" -Data to set a repo cache policy -""" - repositoryName: String! -""" -Data to set a repo cache policy -""" - policy: CachePolicyInput! -} - -""" -Data for updating search limit on a search domain. -""" -input SetSearchLimitForSearchDomain { -""" -Data for updating search limit on a search domain. -""" - id: String! -""" -Data for updating search limit on a search domain. -""" - searchLimitMs: Long! -""" -Data for updating search limit on a search domain. -""" - excludedRepoIds: [String!]! -} - -input SetSubdomainSettingsInput { - primarySubdomain: String! - secondarySubdomains: [String!] - enforceSubdomains: Boolean! -} - -""" -Data for updating shared dashboards security policies -""" -input SharedDashboardsSecurityPoliciesInput { -""" -Data for updating shared dashboards security policies -""" - sharedDashboardsEnabled: Boolean! -""" -Data for updating shared dashboards security policies -""" - enforceIpFilterId: String -} - -""" -A Slack action -""" -type SlackAction implements Action{ -""" -Slack webhook url to send the request to. -Stability: Long-term -""" - url: String! -""" -Fields to include within the Slack message. Can be templated with values from the result. -Stability: Long-term -""" - fields: [SlackFieldEntry!]! -""" -Defines whether the action should use the configured proxy to make web requests. -Stability: Long-term -""" - useProxy: Boolean! -""" -The name of the action. -Stability: Long-term -""" - name: String! -""" -The display name of the action. -Stability: Long-term -""" - displayName: String! -""" -The id of the action. -Stability: Long-term -""" - id: String! -""" -A template that can be used to recreate the action. -Stability: Long-term -""" - yamlTemplate: YAML! -""" -Stability: Long-term -""" - packageId: VersionedPackageSpecifier -""" -The package, if any, which the action is part of. -Stability: Long-term -""" - package: PackageInstallation -""" -False if this type of action is disabled because of a security policy, true otherwise -Stability: Long-term -""" - isAllowedToRun: Boolean! -""" -True if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. -Stability: Long-term -""" - requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! -""" -Allowed asset actions -Stability: Preview -""" - allowedActions: [AssetAction!]! -""" -The resource identifier for this action. -Stability: Short-term -""" - resource: String! -} - -""" -Field entry in a Slack message -""" -type SlackFieldEntry { -""" -Key of a Slack field. -Stability: Long-term -""" - fieldName: String! -""" -Value of a Slack field. -Stability: Long-term -""" - value: String! -} - -""" -Slack message field entry. -""" -input SlackFieldEntryInput { -""" -Slack message field entry. -""" - fieldName: String! -""" -Slack message field entry. -""" - value: String! -} - -""" -A slack post-message action. -""" -type SlackPostMessageAction implements Action{ -""" -Api token to authenticate with Slack. -Stability: Long-term -""" - apiToken: String! -""" -List of Slack channels to message. -Stability: Long-term -""" - channels: [String!]! -""" -Fields to include within the Slack message. Can be templated with values from the result. -Stability: Long-term -""" - fields: [SlackFieldEntry!]! -""" -Defines whether the action should use the configured proxy to make web requests. -Stability: Long-term -""" - useProxy: Boolean! -""" -The name of the action. -Stability: Long-term -""" - name: String! -""" -The display name of the action. -Stability: Long-term -""" - displayName: String! -""" -The id of the action. -Stability: Long-term -""" - id: String! -""" -A template that can be used to recreate the action. -Stability: Long-term -""" - yamlTemplate: YAML! -""" -Stability: Long-term -""" - packageId: VersionedPackageSpecifier -""" -The package, if any, which the action is part of. -Stability: Long-term -""" - package: PackageInstallation -""" -False if this type of action is disabled because of a security policy, true otherwise -Stability: Long-term -""" - isAllowedToRun: Boolean! -""" -True if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. -Stability: Long-term -""" - requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! -""" -Allowed asset actions -Stability: Preview -""" - allowedActions: [AssetAction!]! -""" -The resource identifier for this action. -Stability: Short-term -""" - resource: String! -} - -input SocialLoginSettingsInput { - socialProviderProfile: SocialProviderProfile! - filter: SocialLoginField! - allowList: [String!]! -} - -type Stability { -""" -Stability: Long-term -""" - level: StabilityLevel! -} - -""" -How stable a field or enum value is. -""" -enum StabilityLevel { -""" -This part of the API is still under development and can change without warning. -""" - Preview -""" -This part of the API is short-term stable which means that breaking changes will be announced 12 weeks in advance, except in extraordinary situations like security issues. -""" - ShortTerm -""" -This part of the API is long-term stable which means that breaking changes will be announced 1 year in advance, except in extraordinary situations like security issues. -""" - LongTerm -} - -input StopQueriesInput { - clusterWide: Boolean -} - -""" -System permissions token. The token allows the caller to work with system-level permissions. -""" -type SystemPermissionsToken implements Token{ -""" -The set of permissions on the token -Stability: Long-term -""" - permissions: [String!]! -""" -The id of the token. -Stability: Long-term -""" - id: String! -""" -The name of the token. -Stability: Long-term -""" - name: String! -""" -The time at which the token expires. -Stability: Long-term -""" - expireAt: Long -""" -The ip filter on the token. -Stability: Long-term -""" - ipFilter: String -""" -The ip filter on the token. -Stability: Long-term -""" - ipFilterV2: IPFilter -""" -The date the token was created. -Stability: Long-term -""" - createdAt: Long! -} - -""" -The grouping rule for a given tag. -""" -input TagGroupingRuleInput { -""" -The grouping rule for a given tag. -""" - tagName: String! -""" -The grouping rule for a given tag. -""" - groupCount: Int! -} - -input TagsInput { - name: String! - value: String! -} - -enum Targets { - All - Group - Root - OrgRoot -} - -""" -Data for testing an ingest feed that uses AWS S3 and SQS -""" -input TestAwsS3SqsIngestFeed { -""" -Data for testing an ingest feed that uses AWS S3 and SQS -""" - repositoryName: RepoOrViewName! -""" -Data for testing an ingest feed that uses AWS S3 and SQS -""" - authentication: IngestFeedAwsAuthenticationInput! -""" -Data for testing an ingest feed that uses AWS S3 and SQS -""" - sqsUrl: String! -""" -Data for testing an ingest feed that uses AWS S3 and SQS -""" - region: String! -} - -""" -Data for testing an email action -""" -input TestEmailAction { -""" -Data for testing an email action -""" - viewName: String! -""" -Data for testing an email action -""" - name: String! -""" -Data for testing an email action -""" - recipients: [String!]! -""" -Data for testing an email action -""" - subjectTemplate: String -""" -Data for testing an email action -""" - bodyTemplate: String -""" -Data for testing an email action -""" - useProxy: Boolean! -""" -Data for testing an email action -""" - attachCsv: Boolean -""" -Data for testing an email action -""" - triggerName: String! -""" -Data for testing an email action -""" - eventData: String! -} - -""" -Collection of errors, which occurred during test. -""" -type TestFdrErrorResult { -""" -List of test errors. -Stability: Long-term -""" - errors: [error!]! -} - -""" -Data for testing an FDR feed. -""" -input TestFdrFeed { -""" -Data for testing an FDR feed. -""" - repositoryName: String! -""" -Data for testing an FDR feed. -""" - feedId: String -""" -Data for testing an FDR feed. -""" - clientId: String -""" -Data for testing an FDR feed. -""" - clientSecret: String -""" -Data for testing an FDR feed. -""" - sqsUrl: String -""" -Data for testing an FDR feed. -""" - s3Identifier: String -} - -""" -An error, which occurred when making a request towards an AWS resource. -""" -type TestFdrRequestError { -""" -Name of the AWS resource, which the request was made towards. -Stability: Long-term -""" - resourceName: String! -""" -Message specifying the request error. -Stability: Long-term -""" - message: String! -} - -""" -Result of testing an FDR feed. -""" -union TestFdrResult =TestFdrErrorResult | TestFdrSuccessResult - -""" -Test was a success. -""" -type TestFdrSuccessResult { -""" -This field is always 'true' -Stability: Long-term -""" - result: Boolean! -} - -""" -A validation error related to a particular input field. -""" -type TestFdrValidationError { -""" -Name of the field, which the error relates to. -Stability: Long-term -""" - fieldName: String! -""" -Message specifying the validation error. -Stability: Long-term -""" - message: String! -} - -""" -Data for testing a Humio repo action -""" -input TestHumioRepoAction { -""" -Data for testing a Humio repo action -""" - viewName: String! -""" -Data for testing a Humio repo action -""" - name: String! -""" -Data for testing a Humio repo action -""" - ingestToken: String! -""" -Data for testing a Humio repo action -""" - triggerName: String! -""" -Data for testing a Humio repo action -""" - eventData: String! -} - -""" -Data for testing a Kafka event forwarder -""" -input TestKafkaEventForwarder { -""" -Data for testing a Kafka event forwarder -""" - name: String! -""" -Data for testing a Kafka event forwarder -""" - description: String! -""" -Data for testing a Kafka event forwarder -""" - properties: String! -""" -Data for testing a Kafka event forwarder -""" - topic: String! -""" -Data for testing a Kafka event forwarder -""" - enabled: Boolean -} - -""" -Data for testing an OpsGenie action -""" -input TestOpsGenieAction { -""" -Data for testing an OpsGenie action -""" - viewName: String! -""" -Data for testing an OpsGenie action -""" - name: String! -""" -Data for testing an OpsGenie action -""" - apiUrl: String! -""" -Data for testing an OpsGenie action -""" - genieKey: String! -""" -Data for testing an OpsGenie action -""" - useProxy: Boolean! -""" -Data for testing an OpsGenie action -""" - triggerName: String! -""" -Data for testing an OpsGenie action -""" - eventData: String! -} - -""" -Data for testing a PagerDuty action. -""" -input TestPagerDutyAction { -""" -Data for testing a PagerDuty action. -""" - viewName: String! -""" -Data for testing a PagerDuty action. -""" - name: String! -""" -Data for testing a PagerDuty action. -""" - severity: String! -""" -Data for testing a PagerDuty action. -""" - routingKey: String! -""" -Data for testing a PagerDuty action. -""" - useProxy: Boolean! -""" -Data for testing a PagerDuty action. -""" - triggerName: String! -""" -Data for testing a PagerDuty action. -""" - eventData: String! -} - -""" -An error occurred while running the parser and no events were parsed -""" -type TestParserErrorResult { -""" -An error message -""" - errorMessage: String! -} - -""" -Input for testing a parser -""" -input TestParserInputV2 { -""" -Input for testing a parser -""" - repositoryName: String! -""" -Input for testing a parser -""" - parserId: String! -""" -Input for testing a parser -""" - parserName: String! -""" -Input for testing a parser -""" - parserScript: String! -""" -Input for testing a parser -""" - testData: [String!]! -} - -""" -The result of running the parser on all the test events -""" -union TestParserResultV2 =TestParserSuccessResultV2 | TestParserErrorResult - -""" -The parser produced results for each test event -""" -type TestParserSuccessResultV2 { -""" -The results of parsing the test events -""" - results: [ParseEventResult!]! -} - -""" -Data for testing a post message Slack action. -""" -input TestPostMessageSlackAction { -""" -Data for testing a post message Slack action. -""" - viewName: String! -""" -Data for testing a post message Slack action. -""" - name: String! -""" -Data for testing a post message Slack action. -""" - apiToken: String! -""" -Data for testing a post message Slack action. -""" - channels: [String!]! -""" -Data for testing a post message Slack action. -""" - fields: [SlackFieldEntryInput!]! -""" -Data for testing a post message Slack action. -""" - useProxy: Boolean! -""" -Data for testing a post message Slack action. -""" - triggerName: String! -""" -Data for testing a post message Slack action. -""" - eventData: String! -} - -""" -The result of the test -""" -type TestResult { -""" -True if the test was a success, false otherwise -Stability: Long-term -""" - success: Boolean! -""" -A message explaining the test result -Stability: Long-term -""" - message: String! -} - -""" -Data for testing a Slack action. -""" -input TestSlackAction { -""" -Data for testing a Slack action. -""" - viewName: String! -""" -Data for testing a Slack action. -""" - name: String! -""" -Data for testing a Slack action. -""" - url: String! -""" -Data for testing a Slack action. -""" - fields: [SlackFieldEntryInput!]! -""" -Data for testing a Slack action. -""" - useProxy: Boolean! -""" -Data for testing a Slack action. -""" - triggerName: String! -""" -Data for testing a Slack action. -""" - eventData: String! -} - -""" -Data for testing an upload file action. -""" -input TestUploadFileAction { -""" -Data for testing an upload file action. -""" - viewName: String! -""" -Data for testing an upload file action. -""" - name: String! -""" -Data for testing an upload file action. -""" - fileName: String! -""" -Data for testing an upload file action. -""" - triggerName: String! -""" -Data for testing an upload file action. -""" - eventData: String! -} - -""" -Data for testing a VictorOps action. -""" -input TestVictorOpsAction { -""" -Data for testing a VictorOps action. -""" - viewName: String! -""" -Data for testing a VictorOps action. -""" - name: String! -""" -Data for testing a VictorOps action. -""" - messageType: String! -""" -Data for testing a VictorOps action. -""" - notifyUrl: String! -""" -Data for testing a VictorOps action. -""" - useProxy: Boolean! -""" -Data for testing a VictorOps action. -""" - triggerName: String! -""" -Data for testing a VictorOps action. -""" - eventData: String! -} - -""" -Data for testing a webhook action. -""" -input TestWebhookAction { -""" -Data for testing a webhook action. -""" - viewName: String! -""" -Data for testing a webhook action. -""" - name: String! -""" -Data for testing a webhook action. -""" - url: String! -""" -Data for testing a webhook action. -""" - method: String! -""" -Data for testing a webhook action. -""" - headers: [HttpHeaderEntryInput!]! -""" -Data for testing a webhook action. -""" - bodyTemplate: String! -""" -Data for testing a webhook action. -""" - ignoreSSL: Boolean! -""" -Data for testing a webhook action. -""" - useProxy: Boolean! -""" -Data for testing a webhook action. -""" - triggerName: String! -""" -Data for testing a webhook action. -""" - eventData: String! -} - -input TimeIntervalInput { - start: String! - end: String! -} - -input TokenInput { - token: String! -} - -""" -Data for updating token security policies -""" -input TokenSecurityPoliciesInput { -""" -Data for updating token security policies -""" - personalUserTokensEnabled: Boolean! -""" -Data for updating token security policies -""" - personalUserTokensEnforceExpirationAfterMs: Long -""" -Data for updating token security policies -""" - personalUserTokensEnforceIpFilterId: String -""" -Data for updating token security policies -""" - viewPermissionTokensEnabled: Boolean! -""" -Data for updating token security policies -""" - viewPermissionTokensEnforceExpirationAfterMs: Long -""" -Data for updating token security policies -""" - viewPermissionTokensEnforceIpFilterId: String -""" -Data for updating token security policies -""" - viewPermissionTokensAllowPermissionUpdates: Boolean! -""" -Data for updating token security policies -""" - organizationPermissionTokensEnabled: Boolean! -""" -Data for updating token security policies -""" - organizationPermissionTokensEnforceExpirationAfterMs: Long -""" -Data for updating token security policies -""" - organizationPermissionTokensEnforceIpFilterId: String -""" -Data for updating token security policies -""" - organizationPermissionTokensAllowPermissionUpdates: Boolean! -""" -Data for updating token security policies -""" - systemPermissionTokensEnabled: Boolean -""" -Data for updating token security policies -""" - systemPermissionTokensEnforceExpirationAfterMs: Long -""" -Data for updating token security policies -""" - systemPermissionTokensEnforceIpFilterId: String -""" -Data for updating token security policies -""" - systemPermissionTokensAllowPermissionUpdates: Boolean -} - -""" -Represents information about an on-going trial of LogScale. -""" -type TrialLicense implements License{ -""" -The time at which the trial ends. -Stability: Long-term -""" - expiresAt: DateTime! -""" -The time at which the trial started. -Stability: Long-term -""" - issuedAt: DateTime! -} - -""" -Data for trigger polling an ingest feed -""" -input TriggerPollIngestFeed { -""" -Data for trigger polling an ingest feed -""" - repositoryName: RepoOrViewName! -""" -Data for trigger polling an ingest feed -""" - id: String! -} - -type UnassignIngestTokenMutation { -""" -Stability: Long-term -""" - repository: Repository! -} - -type UnassignOrganizationManagementRoleFromGroup { -""" -Stability: Preview -""" - group: Group! -} - -input UnassignOrganizationManagementRoleFromGroupInput { - groupId: String! - roleId: String! - organizationIds: [String!]! -} - -type UnassignOrganizationRoleFromGroup { -""" -Stability: Long-term -""" - group: Group! -} - -type UnassignRoleFromGroup { -""" -Stability: Long-term -""" - group: Group! -} - -type UnassignSystemRoleFromGroup { -""" -Stability: Long-term -""" - group: Group! -} - -type UnblockIngestMutation { -""" -Stability: Long-term -""" - repository: Repository! -} - -""" -A widget that represents an unknown widget type. -""" -type UnknownWidget implements Widget{ -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - title: String! -""" -Stability: Long-term -""" - description: String -""" -Stability: Long-term -""" - x: Int! -""" -Stability: Long-term -""" - y: Int! -""" -Stability: Long-term -""" - width: Int! -""" -Stability: Long-term -""" - height: Int! -} - -type Unlimited implements contractual{ -""" - -Stability: Long-term -""" - includeUsage: Boolean! -} - -type UnregisterNodeMutation { -""" -Stability: Long-term -""" - cluster: Cluster! -} - -input UnsetDynamicConfigInputObject { - config: DynamicConfig! -} - -""" -Data for updating an aggregate alert. -""" -input UpdateAggregateAlert { -""" -Data for updating an aggregate alert. -""" - viewName: RepoOrViewName! -""" -Data for updating an aggregate alert. -""" - id: String! -""" -Data for updating an aggregate alert. -""" - name: String! -""" -Data for updating an aggregate alert. -""" - description: String -""" -Data for updating an aggregate alert. -""" - queryString: String! -""" -Data for updating an aggregate alert. -""" - actionIdsOrNames: [String!]! -""" -Data for updating an aggregate alert. -""" - labels: [String!]! -""" -Data for updating an aggregate alert. -""" - enabled: Boolean! -""" -Data for updating an aggregate alert. -""" - throttleTimeSeconds: Long! -""" -Data for updating an aggregate alert. -""" - throttleField: String -""" -Data for updating an aggregate alert. -""" - searchIntervalSeconds: Long! -""" -Data for updating an aggregate alert. -""" - queryTimestampType: QueryTimestampType! -""" -Data for updating an aggregate alert. -""" - triggerMode: TriggerMode! -""" -Data for updating an aggregate alert. -""" - runAsUserId: String -""" -Data for updating an aggregate alert. -""" - queryOwnershipType: QueryOwnershipType! -} - -""" -Data for updating an alert -""" -input UpdateAlert { -""" -Data for updating an alert -""" - viewName: String! -""" -Data for updating an alert -""" - id: String! -""" -Data for updating an alert -""" - name: String! -""" -Data for updating an alert -""" - description: String -""" -Data for updating an alert -""" - queryString: String! -""" -Data for updating an alert -""" - queryStart: String! -""" -Data for updating an alert -""" - throttleTimeMillis: Long! -""" -Data for updating an alert -""" - throttleField: String -""" -Data for updating an alert -""" - runAsUserId: String -""" -Data for updating an alert -""" - enabled: Boolean! -""" -Data for updating an alert -""" - actions: [String!]! -""" -Data for updating an alert -""" - labels: [String!]! -""" -Data for updating an alert -""" - queryOwnershipType: QueryOwnershipType -} - -""" -Data for updating an ingest feed which uses AWS S3 with SQS. The update is a delta update. -""" -input UpdateAwsS3SqsIngestFeed { -""" -Data for updating an ingest feed which uses AWS S3 with SQS. The update is a delta update. -""" - repositoryName: RepoOrViewName! -""" -Data for updating an ingest feed which uses AWS S3 with SQS. The update is a delta update. -""" - id: String! -""" -Data for updating an ingest feed which uses AWS S3 with SQS. The update is a delta update. -""" - name: String -""" -Data for updating an ingest feed which uses AWS S3 with SQS. The update is a delta update. -""" - description: UpdateIngestFeedDescription -""" -Data for updating an ingest feed which uses AWS S3 with SQS. The update is a delta update. -""" - parser: String -""" -Data for updating an ingest feed which uses AWS S3 with SQS. The update is a delta update. -""" - authentication: IngestFeedAwsAuthenticationInput -""" -Data for updating an ingest feed which uses AWS S3 with SQS. The update is a delta update. -""" - sqsUrl: String -""" -Data for updating an ingest feed which uses AWS S3 with SQS. The update is a delta update. -""" - region: String -""" -Data for updating an ingest feed which uses AWS S3 with SQS. The update is a delta update. -""" - enabled: Boolean -""" -Data for updating an ingest feed which uses AWS S3 with SQS. The update is a delta update. -""" - preprocessing: IngestFeedPreprocessingInput -""" -Data for updating an ingest feed which uses AWS S3 with SQS. The update is a delta update. -""" - compression: IngestFeedCompression -} - -input UpdateCrossOrganizationViewConnectionFiltersInput { - name: String! - connectionsToUpdate: [CrossOrganizationViewConnectionInputModel!]! -} - -input UpdateCustomLinkInteractionInput { - path: String! - interactionId: String! - customLinkInteractionInput: CustomLinkInteractionInput! -} - -input UpdateDashboardInput { - id: String! - name: String - labels: [String!] - widgets: [WidgetInput!] - sections: [SectionInput!] - links: [LinkInput!] - defaultFilterId: String - filters: [FilterInput!] - parameters: [ParameterInput!] - description: String - timeJumpSizeInMs: Int - updateFrequency: DashboardUpdateFrequencyInput - defaultSharedTimeStart: String - defaultSharedTimeEnd: String - defaultSharedTimeEnabled: Boolean - series: [SeriesConfigInput!] -} - -input UpdateDashboardLinkInteractionInput { - path: String! - interactionId: String! - dashboardLinkInteractionInput: DashboardLinkInteractionInput! -} - -type UpdateDashboardMutation { -""" -Stability: Long-term -""" - dashboard: Dashboard! -} - -input UpdateDefaultQueryPrefixInput { - queryPrefix: String - groupId: String! -} - -type UpdateDefaultQueryPrefixMutation { -""" -Stability: Long-term -""" - group: Group! -} - -input UpdateDefaultRoleInput { - roleId: String - groupId: String! -} - -""" -Type for updating the description. If the description should be cleared, supply an `UpdateDescription` object with no value or a `null` value. If the description should be changed, supply an `UpdateDescription`object with the desired value. -""" -input UpdateDescription { -""" -Type for updating the description. If the description should be cleared, supply an `UpdateDescription` object with no value or a `null` value. If the description should be changed, supply an `UpdateDescription`object with the desired value. -""" - value: String -} - -type UpdateDescriptionMutation { -""" -Stability: Long-term -""" - description: String! -} - -""" -Data for updating an email action. -""" -input UpdateEmailAction { -""" -Data for updating an email action. -""" - viewName: String! -""" -Data for updating an email action. -""" - id: String! -""" -Data for updating an email action. -""" - name: String! -""" -Data for updating an email action. -""" - recipients: [String!]! -""" -Data for updating an email action. -""" - subjectTemplate: String -""" -Data for updating an email action. -""" - bodyTemplate: String -""" -Data for updating an email action. -""" - useProxy: Boolean! -""" -Data for updating an email action. -""" - attachCsv: Boolean -} - -""" -Data for updating an event forwarding rule -""" -input UpdateEventForwardingRule { -""" -Data for updating an event forwarding rule -""" - repoName: String! -""" -Data for updating an event forwarding rule -""" - id: String! -""" -Data for updating an event forwarding rule -""" - queryString: String! -""" -Data for updating an event forwarding rule -""" - eventForwarderId: String! -""" -Data for updating an event forwarding rule -""" - languageVersion: LanguageVersionEnum -} - -""" -Data for updating an FDR feed. Note that the fields, apart from `id` and `repositoryName`, only need to be supplied if the field should be changed. -""" -input UpdateFdrFeed { -""" -Data for updating an FDR feed. Note that the fields, apart from `id` and `repositoryName`, only need to be supplied if the field should be changed. -""" - repositoryName: String! -""" -Data for updating an FDR feed. Note that the fields, apart from `id` and `repositoryName`, only need to be supplied if the field should be changed. -""" - id: String! -""" -Data for updating an FDR feed. Note that the fields, apart from `id` and `repositoryName`, only need to be supplied if the field should be changed. -""" - name: String -""" -Data for updating an FDR feed. Note that the fields, apart from `id` and `repositoryName`, only need to be supplied if the field should be changed. -""" - description: UpdateDescription -""" -Data for updating an FDR feed. Note that the fields, apart from `id` and `repositoryName`, only need to be supplied if the field should be changed. -""" - parser: String -""" -Data for updating an FDR feed. Note that the fields, apart from `id` and `repositoryName`, only need to be supplied if the field should be changed. -""" - clientId: String -""" -Data for updating an FDR feed. Note that the fields, apart from `id` and `repositoryName`, only need to be supplied if the field should be changed. -""" - clientSecret: String -""" -Data for updating an FDR feed. Note that the fields, apart from `id` and `repositoryName`, only need to be supplied if the field should be changed. -""" - sqsUrl: String -""" -Data for updating an FDR feed. Note that the fields, apart from `id` and `repositoryName`, only need to be supplied if the field should be changed. -""" - s3Identifier: String -""" -Data for updating an FDR feed. Note that the fields, apart from `id` and `repositoryName`, only need to be supplied if the field should be changed. -""" - enabled: Boolean -} - -""" -Data for updating the administrator control of an FDR feed. -""" -input UpdateFdrFeedControl { -""" -Data for updating the administrator control of an FDR feed. -""" - repositoryName: String! -""" -Data for updating the administrator control of an FDR feed. -""" - id: String! -""" -Data for updating the administrator control of an FDR feed. -""" - maxNodes: UpdateLong -""" -Data for updating the administrator control of an FDR feed. -""" - fileDownloadParallelism: UpdateLong -} - -""" -Input object for field updateFieldAliasMapping -""" -input UpdateFieldAliasMappingInput { -""" -Input object for field updateFieldAliasMapping -""" - schemaId: String! -""" -Input object for field updateFieldAliasMapping -""" - aliasMappingId: String! -""" -Input object for field updateFieldAliasMapping -""" - name: String -""" -Input object for field updateFieldAliasMapping -""" - tags: [TagsInput!] -""" -Input object for field updateFieldAliasMapping -""" - aliases: [AliasInfoInput!] -""" -Input object for field updateFieldAliasMapping -""" - originalFieldsToKeep: [String!] -} - -""" -Input object for field updateFieldAliasSchema -""" -input UpdateFieldAliasSchemaInput { -""" -Input object for field updateFieldAliasSchema -""" - id: String! -""" -Input object for field updateFieldAliasSchema -""" - name: String -""" -Input object for field updateFieldAliasSchema -""" - fields: [SchemaFieldInput!] -""" -Input object for field updateFieldAliasSchema -""" - aliasMappings: [AliasMappingInput!] -} - -""" -Data for updating a filter alert -""" -input UpdateFilterAlert { -""" -Data for updating a filter alert -""" - viewName: RepoOrViewName! -""" -Data for updating a filter alert -""" - id: String! -""" -Data for updating a filter alert -""" - name: String! -""" -Data for updating a filter alert -""" - description: String -""" -Data for updating a filter alert -""" - queryString: String! -""" -Data for updating a filter alert -""" - actionIdsOrNames: [String!]! -""" -Data for updating a filter alert -""" - labels: [String!]! -""" -Data for updating a filter alert -""" - enabled: Boolean! -""" -Data for updating a filter alert -""" - throttleTimeSeconds: Long -""" -Data for updating a filter alert -""" - throttleField: String -""" -Data for updating a filter alert -""" - runAsUserId: String -""" -Data for updating a filter alert -""" - queryOwnershipType: QueryOwnershipType! -} - -input UpdateGroupInput { - groupId: String! - displayName: String - lookupName: String -} - -type UpdateGroupMutation { -""" -Stability: Long-term -""" - group: Group! -} - -""" -Data for updating a LogScale repository action. -""" -input UpdateHumioRepoAction { -""" -Data for updating a LogScale repository action. -""" - viewName: String! -""" -Data for updating a LogScale repository action. -""" - id: String! -""" -Data for updating a LogScale repository action. -""" - name: String! -""" -Data for updating a LogScale repository action. -""" - ingestToken: String! -} - -""" -Type for updating the description. If the description should be cleared, supply an `UpdateDescription` object with no value or a `null` value. If the description should be changed, supply an `UpdateDescription`object with the desired value. -""" -input UpdateIngestFeedDescription { -""" -Type for updating the description. If the description should be cleared, supply an `UpdateDescription` object with no value or a `null` value. If the description should be changed, supply an `UpdateDescription`object with the desired value. -""" - description: String -} - -""" -Input data to update an ingest listener -""" -input UpdateIngestListenerV3Input { -""" -Input data to update an ingest listener -""" - id: String! -""" -Input data to update an ingest listener -""" - repositoryName: String! -""" -Input data to update an ingest listener -""" - port: Int! -""" -Input data to update an ingest listener -""" - protocol: IngestListenerProtocol! -""" -Input data to update an ingest listener -""" - vHost: Int -""" -Input data to update an ingest listener -""" - name: String! -""" -Input data to update an ingest listener -""" - bindInterface: String! -""" -Input data to update an ingest listener -""" - parser: String! -""" -Input data to update an ingest listener -""" - charset: String! -} - -""" -Data for updating a Kafka event forwarder -""" -input UpdateKafkaEventForwarder { -""" -Data for updating a Kafka event forwarder -""" - id: String! -""" -Data for updating a Kafka event forwarder -""" - name: String! -""" -Data for updating a Kafka event forwarder -""" - description: String! -""" -Data for updating a Kafka event forwarder -""" - properties: String! -""" -Data for updating a Kafka event forwarder -""" - topic: String! -""" -Data for updating a Kafka event forwarder -""" - enabled: Boolean -} - -input UpdateLimitInput { - limitName: String! - allowLogin: Boolean - dailyIngest: Long - retention: Int - allowSelfService: Boolean - expiration: Long - contractVersion: Organizations__ContractVersion - userLimit: Int -} - -input UpdateLimitInputV2 { - id: String! - name: String - allowLogin: Boolean - dailyIngest: Long - dailyIngestContractualType: Organizations__ContractualType - storageContractualType: Organizations__ContractualType - dailyScanContractualType: Organizations__ContractualType - measurementType: Organizations__MeasurementType - dailyScan: Long - retention: Int - maxRetention: Int - allowSelfService: Boolean - expiration: Long - userLimit: Int - dateType: String - trial: Boolean - allowFlightControl: Boolean - repositoryLimit: Int -} - -""" -Data for updating a local cluster connection -""" -input UpdateLocalClusterConnectionInput { -""" -Data for updating a local cluster connection -""" - multiClusterViewName: String! -""" -Data for updating a local cluster connection -""" - connectionId: String! -""" -Data for updating a local cluster connection -""" - targetViewName: String -""" -Data for updating a local cluster connection -""" - tags: [ClusterConnectionInputTag!] -""" -Data for updating a local cluster connection -""" - queryPrefix: String -} - -""" -If the value should be cleared, supply an `UpdateLong` object the with no value or a `null` value. If the setting should be changed, supply a `UpdateLong` object with the desired value. -""" -input UpdateLong { -""" -If the value should be cleared, supply an `UpdateLong` object the with no value or a `null` value. If the setting should be changed, supply a `UpdateLong` object with the desired value. -""" - value: Int -} - -input UpdateOidcConfigurationInput { - id: String! - name: String! - clientID: String! - clientSecret: String! - issuer: String! - tokenEndpointAuthMethod: String! - authorizationEndpoint: String! - tokenEndpoint: String - userInfoEndpoint: String - registrationEndpoint: String - groupsClaim: String - JWKSEndpoint: String - domains: [String!]! - scopes: [String!]! - userClaim: String! - enableDebug: Boolean! - defaultIdp: Boolean - humioOwned: Boolean - lazyCreateUsers: Boolean - federatedIdp: String - scopeClaim: String -} - -""" -Data for updating an OpsGenie action -""" -input UpdateOpsGenieAction { -""" -Data for updating an OpsGenie action -""" - viewName: String! -""" -Data for updating an OpsGenie action -""" - id: String! -""" -Data for updating an OpsGenie action -""" - name: String! -""" -Data for updating an OpsGenie action -""" - apiUrl: String! -""" -Data for updating an OpsGenie action -""" - genieKey: String! -""" -Data for updating an OpsGenie action -""" - useProxy: Boolean! -} - -input UpdateOrganizationPermissionsTokenPermissionsInput { - id: String! - permissions: [OrganizationPermission!]! -} - -input UpdatePackageFromRegistryInput { - viewName: RepoOrViewName! - packageId: VersionedPackageSpecifier! - conflictResolutions: [ConflictResolutionConfiguration!]! - queryOwnershipType: QueryOwnershipType -} - -""" -Data for updating a PagerDuty action -""" -input UpdatePagerDutyAction { -""" -Data for updating a PagerDuty action -""" - viewName: String! -""" -Data for updating a PagerDuty action -""" - id: String! -""" -Data for updating a PagerDuty action -""" - name: String! -""" -Data for updating a PagerDuty action -""" - severity: String! -""" -Data for updating a PagerDuty action -""" - routingKey: String! -""" -Data for updating a PagerDuty action -""" - useProxy: Boolean! -} - -input UpdateParametersInteractionInput { - name: String! - titleTemplate: String - arguments: [ArgumentInput!]! - useWidgetTimeWindow: Boolean! - fieldInteractionConditions: [FieldInteractionConditionInput!] -} - -""" -Input for updating a parser. -""" -input UpdateParserInput { -""" -Input for updating a parser. -""" - repositoryName: String -""" -Input for updating a parser. -""" - id: String -""" -Input for updating a parser. -""" - name: String -""" -Input for updating a parser. -""" - testData: [String!] -""" -Input for updating a parser. -""" - sourceCode: String -""" -Input for updating a parser. -""" - tagFields: [String!] -""" -Input for updating a parser. -""" - fieldsToBeRemovedBeforeParsing: [String!] -""" -Input for updating a parser. -""" - languageVersion: LanguageVersionEnum -} - -""" -Input for updating a parser. -""" -input UpdateParserInputV2 { -""" -Input for updating a parser. -""" - repositoryName: RepoOrViewName! -""" -Input for updating a parser. -""" - id: String! -""" -Input for updating a parser. -""" - name: String -""" -Input for updating a parser. -""" - script: UpdateParserScriptInput -""" -Input for updating a parser. -""" - testCases: [ParserTestCaseInput!] -""" -Input for updating a parser. -""" - fieldsToTag: [String!] -""" -Input for updating a parser. -""" - fieldsToBeRemovedBeforeParsing: [String!] -} - -type UpdateParserMutation { -""" -Stability: Long-term -""" - parser: Parser! -} - -""" -Input for updating the parser script. -""" -input UpdateParserScriptInput { -""" -Input for updating the parser script. -""" - script: String! -""" -Input for updating the parser script. -""" - languageVersion: LanguageVersionInputType -} - -""" -Data for updating a post-message Slack action -""" -input UpdatePostMessageSlackAction { -""" -Data for updating a post-message Slack action -""" - viewName: String! -""" -Data for updating a post-message Slack action -""" - id: String! -""" -Data for updating a post-message Slack action -""" - name: String! -""" -Data for updating a post-message Slack action -""" - apiToken: String! -""" -Data for updating a post-message Slack action -""" - channels: [String!]! -""" -Data for updating a post-message Slack action -""" - fields: [SlackFieldEntryInput!]! -""" -Data for updating a post-message Slack action -""" - useProxy: Boolean! -} - -input UpdateQueryPrefixInput { - queryPrefix: String! - viewId: String! - groupId: String! -} - -type UpdateQueryPrefixMutation { -""" -Stability: Long-term -""" - group: Group! -} - -""" -Data for updating a remote cluster connection -""" -input UpdateRemoteClusterConnectionInput { -""" -Data for updating a remote cluster connection -""" - multiClusterViewName: String! -""" -Data for updating a remote cluster connection -""" - connectionId: String! -""" -Data for updating a remote cluster connection -""" - publicUrl: String -""" -Data for updating a remote cluster connection -""" - token: String -""" -Data for updating a remote cluster connection -""" - tags: [ClusterConnectionInputTag!] -""" -Data for updating a remote cluster connection -""" - queryPrefix: String -} - -input UpdateRepoDataTypeInputObject { - dataspaceId: String! - repoDataType: RepositoryDataType! -} - -input UpdateRepoLimitIdInputObject { - dataspaceId: String! - limitId: String! -} - -type UpdateRetentionMutation { -""" -Stability: Long-term -""" - repository: SearchDomain! -} - -input UpdateRoleInput { - roleId: String! - displayName: String! - viewPermissions: [Permission!]! - description: String - color: String - systemPermissions: [SystemPermission!] - organizationPermissions: [OrganizationPermission!] - objectAction: ObjectAction - organizationManagementPermissions: [OrganizationManagementPermission!] -} - -type UpdateRoleMutation { -""" -Stability: Long-term -""" - role: Role! -} - -input UpdateSavedQueryInput { - id: String! - name: String - viewName: String! - queryString: String - start: String - end: String - isLive: Boolean - widgetType: String - options: String - dashboardLinkInteractions: [DashboardLinkInteractionInput!] - customLinkInteractions: [CustomLinkInteractionInput!] - searchLinkInteractions: [SearchLinkInteractionInput!] - updateParametersInteractions: [UpdateParametersInteractionInput!] -} - -type UpdateSavedQueryPayload { -""" -Stability: Long-term -""" - savedQuery: SavedQuery! -} - -""" -Data for updating a scheduled report. -""" -input UpdateScheduledReportInput { -""" -Data for updating a scheduled report. -""" - viewName: String! -""" -Data for updating a scheduled report. -""" - id: String! -""" -Data for updating a scheduled report. -""" - name: String -""" -Data for updating a scheduled report. -""" - password: String -""" -Data for updating a scheduled report. -""" - enabled: Boolean -""" -Data for updating a scheduled report. -""" - description: String -""" -Data for updating a scheduled report. -""" - dashboardId: String -""" -Data for updating a scheduled report. -""" - timeIntervalFrom: String -""" -Data for updating a scheduled report. -""" - schedule: UpdateScheduledReportScheduleInput -""" -Data for updating a scheduled report. -""" - labels: [String!] -""" -Data for updating a scheduled report. -""" - parameters: [UpdateScheduledReportParameterValueInput!] -""" -Data for updating a scheduled report. -""" - recipients: [String!] -""" -Data for updating a scheduled report. -""" - layout: UpdateScheduledReportLayoutInput -} - -""" -Layout of the scheduled report. -""" -input UpdateScheduledReportLayoutInput { -""" -Layout of the scheduled report. -""" - paperSize: String -""" -Layout of the scheduled report. -""" - paperOrientation: String -""" -Layout of the scheduled report. -""" - paperLayout: String -""" -Layout of the scheduled report. -""" - showDescription: Boolean -""" -Layout of the scheduled report. -""" - showTitleFrontpage: Boolean -""" -Layout of the scheduled report. -""" - showParameters: Boolean -""" -Layout of the scheduled report. -""" - maxNumberOfRows: Int -""" -Layout of the scheduled report. -""" - showTitleHeader: Boolean -""" -Layout of the scheduled report. -""" - showExportDate: Boolean -""" -Layout of the scheduled report. -""" - footerShowPageNumbers: Boolean -} - -""" -List of parameter value configurations. -""" -input UpdateScheduledReportParameterValueInput { -""" -List of parameter value configurations. -""" - id: String! -""" -List of parameter value configurations. -""" - value: String! -} - -""" -The schedule to run the report by. -""" -input UpdateScheduledReportScheduleInput { -""" -The schedule to run the report by. -""" - cronExpression: String! -""" -The schedule to run the report by. -""" - timeZone: String! -""" -The schedule to run the report by. -""" - startDate: Long! -""" -The schedule to run the report by. -""" - endDate: Long -} - -""" -Data for updating a scheduled search -""" -input UpdateScheduledSearch { -""" -Data for updating a scheduled search -""" - viewName: String! -""" -Data for updating a scheduled search -""" - id: String! -""" -Data for updating a scheduled search -""" - name: String! -""" -Data for updating a scheduled search -""" - description: String -""" -Data for updating a scheduled search -""" - queryString: String! -""" -Data for updating a scheduled search -""" - queryStart: String! -""" -Data for updating a scheduled search -""" - queryEnd: String! -""" -Data for updating a scheduled search -""" - schedule: String! -""" -Data for updating a scheduled search -""" - timeZone: String! -""" -Data for updating a scheduled search -""" - backfillLimit: Int! -""" -Data for updating a scheduled search -""" - enabled: Boolean! -""" -Data for updating a scheduled search -""" - actions: [String!]! -""" -Data for updating a scheduled search -""" - labels: [String!]! -""" -Data for updating a scheduled search -""" - runAsUserId: String -""" -Data for updating a scheduled search -""" - queryOwnershipType: QueryOwnershipType -} - -""" -Data for updating a scheduled search -""" -input UpdateScheduledSearchV2 { -""" -Data for updating a scheduled search -""" - viewName: String! -""" -Data for updating a scheduled search -""" - id: String! -""" -Data for updating a scheduled search -""" - name: String! -""" -Data for updating a scheduled search -""" - description: String -""" -Data for updating a scheduled search -""" - queryString: String! -""" -Data for updating a scheduled search -""" - schedule: String! -""" -Data for updating a scheduled search -""" - timeZone: String! -""" -Data for updating a scheduled search -""" - searchIntervalSeconds: Long! -""" -Data for updating a scheduled search -""" - searchIntervalOffsetSeconds: Long -""" -Data for updating a scheduled search -""" - maxWaitTimeSeconds: Long -""" -Data for updating a scheduled search -""" - queryTimestampType: QueryTimestampType! -""" -Data for updating a scheduled search -""" - backfillLimit: Int -""" -Data for updating a scheduled search -""" - enabled: Boolean! -""" -Data for updating a scheduled search -""" - actionIdsOrNames: [String!]! -""" -Data for updating a scheduled search -""" - labels: [String!]! -""" -Data for updating a scheduled search -""" - runAsUserId: String -""" -Data for updating a scheduled search -""" - queryOwnershipType: QueryOwnershipType! -} - -input UpdateSearchLinkInteractionInput { - path: String! - interactionId: String! - searchLinkInteractionInput: SearchLinkInteractionInput! -} - -""" -Data for updating a Slack action -""" -input UpdateSlackAction { -""" -Data for updating a Slack action -""" - viewName: String! -""" -Data for updating a Slack action -""" - id: String! -""" -Data for updating a Slack action -""" - name: String! -""" -Data for updating a Slack action -""" - url: String! -""" -Data for updating a Slack action -""" - fields: [SlackFieldEntryInput!]! -""" -Data for updating a Slack action -""" - useProxy: Boolean! -} - -input UpdateSubscriptionInputObject { - subscription: Organizations__Subscription! - trialDays: Int -} - -input UpdateSystemPermissionsTokenPermissionsInput { - id: String! - permissions: [SystemPermission!]! -} - -""" -Data for updating an upload file action. -""" -input UpdateUploadFileAction { -""" -Data for updating an upload file action. -""" - viewName: String! -""" -Data for updating an upload file action. -""" - id: String! -""" -Data for updating an upload file action. -""" - name: String! -""" -Data for updating an upload file action. -""" - fileName: String! -} - -input UpdateUserByIdInput { - userId: String! - company: String - isRoot: Boolean - username: String - firstName: String - lastName: String - fullName: String - picture: String - email: String - countryCode: String - stateCode: String -} - -type UpdateUserByIdMutation { -""" -Stability: Long-term -""" - user: User! -} - -type UpdateUserMutation { -""" -Stability: Long-term -""" - user: User! -} - -""" -Data for updating a VictorOps action. -""" -input UpdateVictorOpsAction { -""" -Data for updating a VictorOps action. -""" - viewName: String! -""" -Data for updating a VictorOps action. -""" - id: String! -""" -Data for updating a VictorOps action. -""" - name: String! -""" -Data for updating a VictorOps action. -""" - messageType: String! -""" -Data for updating a VictorOps action. -""" - notifyUrl: String! -""" -Data for updating a VictorOps action. -""" - useProxy: Boolean! -} - -input UpdateViewPermissionsTokenPermissionsInput { - id: String! - permissions: [Permission!]! -} - -""" -Data for updating a webhook action -""" -input UpdateWebhookAction { -""" -Data for updating a webhook action -""" - viewName: String! -""" -Data for updating a webhook action -""" - id: String! -""" -Data for updating a webhook action -""" - name: String! -""" -Data for updating a webhook action -""" - url: String! -""" -Data for updating a webhook action -""" - method: String! -""" -Data for updating a webhook action -""" - headers: [HttpHeaderEntryInput!]! -""" -Data for updating a webhook action -""" - bodyTemplate: String! -""" -Data for updating a webhook action -""" - ignoreSSL: Boolean! -""" -Data for updating a webhook action -""" - useProxy: Boolean! -} - -input UpgradeAccountData { - lastName: String! - company: String! - email: String! - firstName: String - purpose: Purposes - phoneNumber: String - countryCode: String - stateCode: String - comment: String -} - -""" -An upload file action. -""" -type UploadFileAction implements Action{ -""" -File name for the uploaded file. -Stability: Long-term -""" - fileName: String! -""" -The name of the action. -Stability: Long-term -""" - name: String! -""" -The display name of the action. -Stability: Long-term -""" - displayName: String! -""" -The id of the action. -Stability: Long-term -""" - id: String! -""" -A template that can be used to recreate the action. -Stability: Long-term -""" - yamlTemplate: YAML! -""" -Stability: Long-term -""" - packageId: VersionedPackageSpecifier -""" -The package, if any, which the action is part of. -Stability: Long-term -""" - package: PackageInstallation -""" -False if this type of action is disabled because of a security policy, true otherwise -Stability: Long-term -""" - isAllowedToRun: Boolean! -""" -True if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. -Stability: Long-term -""" - requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! -""" -Allowed asset actions -Stability: Preview -""" - allowedActions: [AssetAction!]! -""" -The resource identifier for this action. -Stability: Short-term -""" - resource: String! -} - -""" -Asset actions given by direct user assignments for a specific asset -""" -type UserAssetActionsBySource implements AssetActionsBySource{ -""" -Stability: Preview -""" - user: User! -""" -Asset actions granted because user is root. -Stability: Preview -""" - assetActionsGrantedBecauseUserIsRoot: [AssetAction!]! -""" -List of roles assigned to the user or group and the asset actions they allow -Stability: Preview -""" - assetActionsByRoles: [AssetActionsByRole!]! -""" -Asset permissions assigned directly to the user or group -Stability: Preview -""" - directlyAssigned: DirectlyAssignedAssetPermissions! -} - -input UserDefaultSettingsInput { - defaultTimeZone: String -} - -""" -Query running with user based ownership -""" -type UserOwnership implements QueryOwnership{ -""" -User owning and running the query. If null, then the user doesn't exist anymore. -Stability: Long-term -""" - user: User -""" -Id of user owning and running the query -Stability: Long-term -""" - id: String! -} - -input UserRoleAssignment { - userId: String! - roleId: String! -} - -input UserRoleAssignmentInput { - userId: String! - roleIds: [String!]! -} - -""" -Username and password authentication. The underlying authentication mechanism is configured by the server, e.g. LDAP. -""" -type UsernameAndPasswordAuthentication implements AuthenticationMethod{ -""" -Stability: Long-term -""" - name: String! -} - -input UtmParams { - campaign: String! - content: String! - medium: String! - source: String! - term: String! -} - -""" -A VictorOps action. -""" -type VictorOpsAction implements Action{ -""" -Type of the VictorOps message to make. -Stability: Long-term -""" - messageType: String! -""" -VictorOps webhook url to send the request to. -Stability: Long-term -""" - notifyUrl: String! -""" -Defines whether the action should use the configured proxy to make web requests. -Stability: Long-term -""" - useProxy: Boolean! -""" -The name of the action. -Stability: Long-term -""" - name: String! -""" -The display name of the action. -Stability: Long-term -""" - displayName: String! -""" -The id of the action. -Stability: Long-term -""" - id: String! -""" -A template that can be used to recreate the action. -Stability: Long-term -""" - yamlTemplate: YAML! -""" -Stability: Long-term -""" - packageId: VersionedPackageSpecifier -""" -The package, if any, which the action is part of. -Stability: Long-term -""" - package: PackageInstallation -""" -False if this type of action is disabled because of a security policy, true otherwise -Stability: Long-term -""" - isAllowedToRun: Boolean! -""" -True if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. -Stability: Long-term -""" - requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! -""" -Allowed asset actions -Stability: Preview -""" - allowedActions: [AssetAction!]! -""" -The resource identifier for this action. -Stability: Short-term -""" - resource: String! -} - -""" -The repositories this view will read from. -""" -input ViewConnectionInput { -""" -The repositories this view will read from. -""" - repositoryName: String! -""" -The repositories this view will read from. -""" - filter: String! -""" -The repositories this view will read from. -""" - languageVersion: LanguageVersionEnum -} - -""" -View permissions token. The token allows the caller to work with the same set of view-level permissions across multiple views. -""" -type ViewPermissionsToken implements Token{ -""" -The set of permissions on the token -Stability: Long-term -""" - permissions: [String!]! -""" -The set of views on the token. Will only list the views the user has access to. -Stability: Long-term -""" - views: [SearchDomain!]! -""" -The permissions assigned to the token for individual view assets. -Stability: Preview -""" - searchAssetPermissions( -""" -Filter results based on this string -""" - searchFilter: String -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int -""" -Choose the order in which the results are returned. -""" - orderBy: OrderBy -""" -The sort by options for assets. Asset name is default -""" - sortBy: SortBy -""" -List of asset types -""" - assetTypes: [AssetPermissionsAssetType!] -""" -List of search domain id's to search within. Null or empty list is interpreted as all search domains -""" - searchDomainIds: [String!] -""" -Include Read, Update and/or Delete permission assignments. The filter will accept all assets if the argument Null or the empty list. -""" - permissions: [AssetAction!] - ): AssetPermissionSearchResultSet! -""" -The id of the token. -Stability: Long-term -""" - id: String! -""" -The name of the token. -Stability: Long-term -""" - name: String! -""" -The time at which the token expires. -Stability: Long-term -""" - expireAt: Long -""" -The ip filter on the token. -Stability: Long-term -""" - ipFilter: String -""" -The ip filter on the token. -Stability: Long-term -""" - ipFilterV2: IPFilter -""" -The date the token was created. -Stability: Long-term -""" - createdAt: Long! -} - -input ViewPermissionsTokenAssetPermissionAssignmentInput { - assetResourceIdentifier: String! - permissions: [AssetPermission!]! -} - -""" -A webhook action -""" -type WebhookAction implements Action{ -""" -Method to use for the request. -Stability: Long-term -""" - method: String! -""" -Url to send the http(s) request to. -Stability: Long-term -""" - url: String! -""" -Headers of the http(s) request. -Stability: Long-term -""" - headers: [HttpHeaderEntry!]! -""" -Body of the http(s) request. Can be templated with values from the result. -Stability: Long-term -""" - bodyTemplate: String! -""" -Flag indicating whether SSL should be ignored for the request. -Stability: Long-term -""" - ignoreSSL: Boolean! -""" -Defines whether the action should use the configured proxy to make web requests. -Stability: Long-term -""" - useProxy: Boolean! -""" -The name of the action. -Stability: Long-term -""" - name: String! -""" -The display name of the action. -Stability: Long-term -""" - displayName: String! -""" -The id of the action. -Stability: Long-term -""" - id: String! -""" -A template that can be used to recreate the action. -Stability: Long-term -""" - yamlTemplate: YAML! -""" -Stability: Long-term -""" - packageId: VersionedPackageSpecifier -""" -The package, if any, which the action is part of. -Stability: Long-term -""" - package: PackageInstallation -""" -False if this type of action is disabled because of a security policy, true otherwise -Stability: Long-term -""" - isAllowedToRun: Boolean! -""" -True if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. -Stability: Long-term -""" - requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! -""" -Allowed asset actions -Stability: Preview -""" - allowedActions: [AssetAction!]! -""" -The resource identifier for this action. -Stability: Short-term -""" - resource: String! -} - -input WidgetInput { - id: String! - title: String! - description: String - x: Int! - y: Int! - width: Int! - height: Int! - queryOptions: WidgetQueryPropertiesInput - noteOptions: WidgetNotePropertiesInput - linkOptions: WidgetLinkPropertiesInput - parameterPanelOptions: WidgetParameterPanelPropertiesInput -} - -input WidgetLinkPropertiesInput { - labels: [String!]! -} - -input WidgetNotePropertiesInput { - text: String! - backgroundColor: String - textColor: String -} - -input WidgetParameterPanelPropertiesInput { - parameterIds: [String!]! -} - -input WidgetQueryPropertiesInput { - queryString: String! - start: String! - end: String! - widgetType: String! - options: String - dashboardLinkInteractions: [DashboardLinkInteractionInput!] - customLinkInteractions: [CustomLinkInteractionInput!] - searchLinkInteractions: [SearchLinkInteractionInput!] - updateParametersInteractions: [UpdateParametersInteractionInput!] -} - -""" -The input required to delete an external function specification. -""" -input deleteExternalFunctionInput { -""" -The input required to delete an external function specification. -""" - name: String! -} - -""" -FDR test errors -""" -union error =TestFdrValidationError | TestFdrRequestError - -type setAutomaticSearching { -""" -Stability: Long-term -""" - automaticSearch: Boolean! -} - -type updateDefaultRoleMutation { -""" -Stability: Long-term -""" - group: Group! -} - -""" -A user or pending user, depending on whether an invitation was sent -""" -union userOrPendingUser =User | PendingUser - -type AccessTokenValidatorResultType { -""" -Stability: Long-term -""" - sessionId: String -""" -Stability: Long-term -""" - showTermsAndConditions: ShowTermsAndConditions -} - -""" -A user account. -""" -type Account { -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - enabledFeaturesForAccount: [FeatureFlag!]! -""" -Stability: Long-term -""" - username: String! -""" -Stability: Long-term -""" - isRoot: Boolean! -""" -Stability: Long-term -""" - isOrganizationRoot: Boolean! -""" -Stability: Long-term -""" - fullName: String -""" -Stability: Long-term -""" - firstName: String -""" -Stability: Long-term -""" - lastName: String -""" -Stability: Long-term -""" - phoneNumber: String -""" -Stability: Long-term -""" - email: String -""" -Stability: Long-term -""" - picture: String -""" -Stability: Long-term -""" - settings: UserSettings! -""" -Stability: Long-term -""" - createdAt: DateTime! -""" -Stability: Long-term -""" - countryCode: String -""" -Stability: Long-term -""" - stateCode: String -""" -Stability: Long-term -""" - company: String -""" -Stability: Long-term -""" - canCreateCloudTrialRepo: Boolean! -""" -Stability: Long-term -""" - isCloudProAccount: Boolean! -""" -Stability: Long-term -""" - canCreateRepo: Boolean! -""" -Stability: Long-term -""" - externalPermissions: Boolean! -""" -Stability: Long-term -""" - externalGroupSynchronization: Boolean! -""" -Stability: Long-term -""" - currentOrganization: Organization! -""" -Stability: Long-term -""" - announcement: Notification -""" -Stability: Preview -""" - notificationsV2( - typeFilter: [NotificationTypes!] -""" -Choose the order in which the results are returned. -""" - orderBy: OrderBy -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int - ): NotificationsResultSet! -""" -Stability: Long-term -""" - token: PersonalUserToken -""" -Stability: Long-term -""" - fieldConfigurations( - viewName: String! - ): [FieldConfiguration!]! -} - -""" -An action that can be invoked from a trigger. -""" -interface Action { -""" -An action that can be invoked from a trigger. -""" - name: String! -""" -An action that can be invoked from a trigger. -""" - displayName: String! -""" -An action that can be invoked from a trigger. -""" - id: String! -""" -An action that can be invoked from a trigger. -""" - yamlTemplate: YAML! -""" -An action that can be invoked from a trigger. -""" - packageId: VersionedPackageSpecifier -""" -An action that can be invoked from a trigger. -""" - package: PackageInstallation -""" -An action that can be invoked from a trigger. -""" - isAllowedToRun: Boolean! -""" -An action that can be invoked from a trigger. -""" - requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! -""" -An action that can be invoked from a trigger. -""" - allowedActions: [AssetAction!]! -""" -An action that can be invoked from a trigger. -""" - resource: String! -} - -""" -Security policies for actions in the organization -""" -type ActionSecurityPolicies { -""" -Indicates if email actions can be configured and triggered -Stability: Short-term -""" - emailActionEnabled: Boolean! -""" -Allow list of glob patterns for acceptable email action recipients. Empty means no recipients allowed whereas null means all. -Stability: Short-term -""" - emailActionRecipientAllowList: [String!] -""" -Indicates if repository actions can be configured and triggered -Stability: Short-term -""" - repoActionEnabled: Boolean! -""" -Indicates if OpsGenie actions can be configured and triggered -Stability: Short-term -""" - opsGenieActionEnabled: Boolean! -""" -Indicates if PagerDuty actions can be configured and triggered -Stability: Short-term -""" - pagerDutyActionEnabled: Boolean! -""" -Indicates if single channel Slack actions can be configured and triggered -Stability: Short-term -""" - slackSingleChannelActionEnabled: Boolean! -""" -Indicates if multi channel Slack actions can be configured and triggered -Stability: Short-term -""" - slackMultiChannelActionEnabled: Boolean! -""" -Indicates if upload file actions can be configured and triggered -Stability: Short-term -""" - uploadFileActionEnabled: Boolean! -""" -Indicates if VictorOps actions can be configured and triggered -Stability: Short-term -""" - victorOpsActionEnabled: Boolean! -""" -Indicates if Webhook actions can be configured and triggered -Stability: Short-term -""" - webhookActionEnabled: Boolean! -""" -Allow list of glob patterns for acceptable webhook URLs. Empty means no recipients allowed whereas null means all. -Stability: Short-term -""" - webhookActionUrlAllowList: [String!] -} - -type ActionTemplate { -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - displayName: String! -""" -Stability: Long-term -""" - yamlTemplate: String! -""" -The type of action -Stability: Long-term -""" - type: ActionType! -} - -""" -The type of action this template is for -""" -enum ActionType { - Email - LogScaleRepository - OpsGenie - PagerDuty - SlackMulti - SlackSingle - UploadFile - VictorOps - Webhook -} - -type ActiveSchemaOnView { -""" -Stability: Long-term -""" - viewName: RepoOrViewName! -""" -Stability: Long-term -""" - schemaId: String! -""" -Stability: Long-term -""" - is1to1Linked: Boolean! -} - -""" -An aggregate alert. -""" -type AggregateAlert { -""" -Id of the aggregate alert. -Stability: Long-term -""" - id: String! -""" -Name of the aggregate alert. -Stability: Long-term -""" - name: String! -""" -Description of the aggregate alert. -Stability: Long-term -""" - description: String -""" -LogScale query to execute. -Stability: Long-term -""" - queryString: String! -""" -List of actions to fire on query result. -Stability: Long-term -""" - actions: [Action!]! -""" -Labels attached to the aggregate alert. -Stability: Long-term -""" - labels: [String!]! -""" -Flag indicating whether the aggregate alert is enabled. -Stability: Long-term -""" - enabled: Boolean! -""" -Throttle time in seconds. -Stability: Long-term -""" - throttleTimeSeconds: Long! -""" -A field to throttle on. Can only be set if throttleTimeSeconds is set. -Stability: Long-term -""" - throttleField: String -""" -Search interval in seconds. -Stability: Long-term -""" - searchIntervalSeconds: Long! -""" -Timestamp type to use for a query. -Stability: Long-term -""" - queryTimestampType: QueryTimestampType! -""" -Trigger mode used for triggering the alert. -Stability: Long-term -""" - triggerMode: TriggerMode! -""" -Unix timestamp for last execution of trigger. -Stability: Long-term -""" - lastTriggered: Long -""" -Unix timestamp for last successful poll (including action invocation if applicable) of the aggregate alert query. If this is not quite recent, then the alert might be having problems. -Stability: Long-term -""" - lastSuccessfulPoll: Long -""" -Last error encountered while running the aggregate alert. -Stability: Long-term -""" - lastError: String -""" -Last warnings encountered while running the aggregate alert. -Stability: Long-term -""" - lastWarnings: [String!]! -""" -YAML specification of the aggregate alert. -Stability: Long-term -""" - yamlTemplate: YAML! -""" -The id of the package of the aggregate alert template. -Stability: Long-term -""" - packageId: VersionedPackageSpecifier -""" -User or token used to modify the asset. -Stability: Preview -""" - modifiedInfo: ModifiedInfo! -""" -The package that the aggregate alert was installed as part of. -Stability: Long-term -""" - package: PackageInstallation -""" -Ownership of the query run by this alert -Stability: Long-term -""" - queryOwnership: QueryOwnership! -""" -Allowed asset actions -Stability: Preview -""" - allowedActions: [AssetAction!]! -""" -The resource identifier for this aggregate alert. -Stability: Short-term -""" - resource: String! -} - -type AggregateAlertTemplate { -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - displayName: String! -""" -Stability: Long-term -""" - yamlTemplate: YAML! -""" -Stability: Long-term -""" - labels: [String!]! -} - -""" -An alert. -""" -type Alert { -""" -Id of the alert. -Stability: Long-term -""" - id: String! -""" -Name of the alert. -Stability: Long-term -""" - name: String! - assetType: AssetType! -""" -Id of user which the alert is running as. -Stability: Long-term -""" - runAsUser: User -""" -Name of the alert. -Stability: Long-term -""" - displayName: String! -""" -Name of the alert. -Stability: Long-term -""" - description: String -""" -LogScale query to execute. -Stability: Long-term -""" - queryString: String! -""" -Start of the relative time interval for the query. -Stability: Long-term -""" - queryStart: String! -""" -Throttle time in milliseconds. -Stability: Long-term -""" - throttleTimeMillis: Long! -""" -Field to throttle on. -Stability: Long-term -""" - throttleField: String -""" -Unix timestamp for when the alert was last triggered. -Stability: Long-term -""" - timeOfLastTrigger: Long -""" -Flag indicating whether the alert is enabled. -Stability: Long-term -""" - enabled: Boolean! -""" -List of ids for actions to fire on query result. -Stability: Long-term -""" - actions: [String!]! -""" -List of ids for actions to fire on query result. -Stability: Long-term -""" - actionsV2: [Action!]! -""" -Last error encountered while running the alert. -Stability: Long-term -""" - lastError: String -""" -Last warnings encountered while running the alert. -Stability: Long-term -""" - lastWarnings: [String!]! -""" -Labels attached to the alert. -Stability: Long-term -""" - labels: [String!]! -""" -Flag indicating whether the calling user has 'starred' the alert. -""" - isStarred: Boolean! -""" -A YAML formatted string that describes the alert. -Stability: Long-term -""" - yamlTemplate: String! -""" -The id of the package that the alert was installed as part of. -Stability: Long-term -""" - packageId: VersionedPackageSpecifier -""" -The package that the alert was installed as part of. -Stability: Long-term -""" - package: PackageInstallation -""" -Ownership of the query run by this alert -Stability: Long-term -""" - queryOwnership: QueryOwnership! -""" -Allowed asset actions -Stability: Preview -""" - allowedActions: [AssetAction!]! -""" -The resource identifier for this alert. -Stability: Short-term -""" - resource: String! -} - -""" -All actions, labels and packages used in alerts. -""" -type AlertFieldValues { -""" -List of names of actions attached to alerts. Sorted by action names lexicographically. -Stability: Preview -""" - actionNames: [String!]! -""" -List of labels attached to alerts. Sorted by label names lexicographically. -Stability: Preview -""" - labels: [String!]! -""" -List of packages for installed alerts as unversioned qualified package specifiers `scope/packageName`. Sorted lexicographically. -Stability: Preview -""" - unversionedPackageSpecifiers: [String!]! -} - -""" -Arguments for alert field values query. -""" -input AlertFieldValuesInput { -""" -Arguments for alert field values query. -""" - viewName: RepoOrViewName! -} - -type AlertTemplate { -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - displayName: String! -""" -Stability: Long-term -""" - yamlTemplate: String! -""" -Stability: Long-term -""" - labels: [String!]! -} - -""" -The different types of alerts known to the system. -""" -enum AlertType { - LegacyAlert - FilterAlert - AggregateAlert -} - -type AliasInfo { -""" -Stability: Long-term -""" - source: String! -""" -Stability: Long-term -""" - alias: String! -} - -type AliasMapping { -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - tags: [TagInfo!]! -""" -Stability: Long-term -""" - aliases: [AliasInfo!]! -""" -Stability: Long-term -""" - originalFieldsToKeep: [String!]! -} - -""" -Arguments for analyzeQuery -""" -input AnalyzeQueryArguments { -""" -Arguments for analyzeQuery -""" - queryString: String! -""" -Arguments for analyzeQuery -""" - version: LanguageVersionInputType! -""" -Arguments for analyzeQuery -""" - isLive: Boolean -""" -Arguments for analyzeQuery -""" - arguments: [QueryArgumentInputType!] -""" -Arguments for analyzeQuery -""" - viewName: RepoOrViewName -""" -Arguments for analyzeQuery -""" - strict: Boolean -""" -Arguments for analyzeQuery -""" - rejectFunctions: [String!] -} - -""" -Result of analyzing a query. -""" -type AnalyzeQueryInfo { -""" -Check if the given query contains any errors or warnings when used in a standard search context. -Stability: Short-term -""" - validateQuery: QueryValidationInfo! -""" -Suggested type of alert to use for the given query. -Returns null if no suitable alert type could be suggested. -The given query is not guaranteed to be valid for the suggested alert type. - -Stability: Short-term -""" - suggestedAlertType: SuggestedAlertTypeInfo -} - -""" -Configuration for archiving, e.e. bucket name and/or region. -""" -interface ArchivingConfiguration { -""" -Configuration for archiving, e.e. bucket name and/or region. -""" - bucket: String! -""" -Configuration for archiving, e.e. bucket name and/or region. -""" - startFrom: DateTime -""" -Configuration for archiving, e.e. bucket name and/or region. -""" - disabled: Boolean -""" -Configuration for archiving, e.e. bucket name and/or region. -""" - tagOrderInName: [String!]! -} - -""" -The format to store archived segments. -""" -enum ArchivingFormat { - RAW - NDJSON -} - -""" -Allowed asset action on asset -""" -enum AssetAction { - Read - Update - Delete - ReadMetadata -} - -""" -A role and the asset actions it allows -""" -type AssetActionsByRole { -""" -Stability: Preview -""" - role: Role -""" -Asset actions allowed by the role -Stability: Preview -""" - assetActions: [AssetAction!]! -} - -""" -Common interface for user and group permission assignments -""" -interface AssetActionsBySource { -""" -Common interface for user and group permission assignments -""" - assetActionsByRoles: [AssetActionsByRole!]! -""" -Common interface for user and group permission assignments -""" - directlyAssigned: DirectlyAssignedAssetPermissions! -} - -""" -Asset permissions -""" -enum AssetPermission { - UpdateAsset - DeleteAsset -} - -""" -An asset permission search result set -""" -type AssetPermissionSearchResultSet { -""" -The total number of matching results -Stability: Preview -""" - totalResults: Int! -""" -The paginated result set -Stability: Preview -""" - results: [SearchAssetPermissionsResultEntry!]! -} - -""" -The different types of assets. -""" -enum AssetPermissionsAssetType { - LegacyAlert - FilterAlert - AggregateAlert - ScheduledSearch - ScheduledReport - Action - Dashboard - File - SavedQuery -} - -enum AssetType { - Interaction - ScheduledSearch - Action - File - AggregateAlert - FilterAlert - Alert - Parser - SavedQuery - Dashboard -} - -""" -Represents information about how users authenticate with LogScale. -""" -interface AuthenticationMethod { -""" -Represents information about how users authenticate with LogScale. -""" - name: String! -} - -interface AuthenticationMethodAuth { - authType: String! -} - -""" -A regex pattern used to filter queries before they are executed. -""" -type BlockedQuery { -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - expiresAt: DateTime -""" -Stability: Long-term -""" - expiresInMilliseconds: Int -""" -Stability: Long-term -""" - pattern: String! -""" -Stability: Long-term -""" - type: BlockedQueryMatcherType! -""" -Stability: Long-term -""" - view: View -""" -The organization owning the pattern or view, if any. -Stability: Long-term -""" - organization: Organization -""" -Stability: Long-term -""" - limitedToOrganization: Boolean! -""" -True if the current actor is allowed the remove this pattern -Stability: Long-term -""" - unblockAllowed: Boolean! -} - -enum BlockedQueryMatcherType { - EXACT - REGEX -} - -""" -Bucket storage configuration for the organization -""" -type BucketStorageConfig { -""" -The primary bucket storage of the organization -Stability: Long-term -""" - targetBucketId1: String! -""" -The secondary bucket storage of the organization -Stability: Long-term -""" - targetBucketId2: String -} - -""" -A policy for choosing which segments to cache on local disk when overcommiting -local storage with bucket storage. - -This can be used to protect certain repositories for local storage, such that -searching other repositories does not evict them. - -A cache policy in LogScale divides segments into prioritized and non-prioritized -segments. When segments needs to be evicted from local storage, we always try -evicting non-prioritized segments before prioritized segments. - -A cache policy can be set either on one of three levels (in order of precedence): - - Repo - - Org - - Globally - - When determining the cache policy for a repo we first check if there is a cache - policy set on the repo. If none is set on the repo, we check the the org. If none - is set there either we check the global setting. - -""" -type CachePolicy { -""" -Prioritize caching segments younger than this -Stability: Preview -""" - prioritizeMillis: Long -} - -enum Changes { - Removed - Added - NoChange -} - -""" -Data for checking a local cluster connection -""" -input CheckLocalClusterConnectionInput { -""" -Data for checking a local cluster connection -""" - connectionId: String -""" -Data for checking a local cluster connection -""" - targetViewName: String! -""" -Data for checking a local cluster connection -""" - tags: [ClusterConnectionInputTag!] -""" -Data for checking a local cluster connection -""" - queryPrefix: String -} - -""" -Data for checking a remote cluster connection -""" -input CheckRemoteClusterConnectionInput { -""" -Data for checking a remote cluster connection -""" - connectionId: String -""" -Data for checking a remote cluster connection -""" - multiClusterViewName: String -""" -Data for checking a remote cluster connection -""" - publicUrl: String! -""" -Data for checking a remote cluster connection -""" - token: String -""" -Data for checking a remote cluster connection -""" - tags: [ClusterConnectionInputTag!] -""" -Data for checking a remote cluster connection -""" - queryPrefix: String -} - -""" -An organization search result set -""" -type ChildOrganizationsResultSet { -""" -The total number of matching results -Stability: Preview -""" - totalResults: Int! -""" -The paginated result set -Stability: Preview -""" - results: [Organization!]! -} - -""" -Identifies a client of the query. -""" -type Client { -""" -Stability: Long-term -""" - externalId: String! -""" -Stability: Long-term -""" - ip: String -""" -Stability: Long-term -""" - user: String -} - -""" -Information about the LogScale cluster. -""" -type Cluster { -""" -Stability: Long-term -""" - nodes: [ClusterNode!]! -""" -Stability: Long-term -""" - clusterManagementSettings: ClusterManagementSettings! -""" -Stability: Long-term -""" - clusterInfoAgeSeconds: Float! -""" -Stability: Long-term -""" - underReplicatedSegmentSize: Float! -""" -Stability: Long-term -""" - overReplicatedSegmentSize: Float! -""" -Stability: Long-term -""" - missingSegmentSize: Float! -""" -Stability: Long-term -""" - properlyReplicatedSegmentSize: Float! -""" -Stability: Long-term -""" - inBucketStorageSegmentSize: Float! -""" -Stability: Long-term -""" - pendingBucketStorageSegmentSize: Float! -""" -Stability: Long-term -""" - pendingBucketStorageRiskySegmentSize: Float! -""" -Stability: Long-term -""" - targetUnderReplicatedSegmentSize: Float! -""" -Stability: Long-term -""" - targetOverReplicatedSegmentSize: Float! -""" -Stability: Long-term -""" - targetMissingSegmentSize: Float! -""" -Stability: Long-term -""" - targetProperlyReplicatedSegmentSize: Float! -""" -Stability: Long-term -""" - ingestPartitions: [IngestPartition!]! -""" -Stability: Short-term -""" - storageReplicationFactor: Int -""" -Stability: Short-term -""" - digestReplicationFactor: Int -""" -Stability: Short-term -""" - stats: ClusterStats! -""" -The default cache policy of this cluster. -Stability: Preview -""" - defaultCachePolicy: CachePolicy -} - -""" -A cluster connection. -""" -interface ClusterConnection { -""" -A cluster connection. -""" - id: String! -""" -A cluster connection. -""" - clusterId: String! -""" -A cluster connection. -""" - tags: [ClusterConnectionTag!]! -""" -A cluster connection. -""" - queryPrefix: String! -} - -input ClusterConnectionInputTag { - key: String! - value: String! -} - -""" -The status of a cluster connection. -""" -interface ClusterConnectionStatus { -""" -The status of a cluster connection. -""" - id: String -""" -The status of a cluster connection. -""" - isValid: Boolean! -""" -The status of a cluster connection. -""" - errorMessages: [ConnectionAspectErrorType!]! -} - -""" -Tag for identifiying the cluster connection -""" -type ClusterConnectionTag { -""" -Cluster Connection tag key -Stability: Short-term -""" - key: String! -""" -Value for the cluster connection tag -Stability: Short-term -""" - value: String! -} - -""" -Settings for the LogScale cluster. -""" -type ClusterManagementSettings { -""" -Replication factor for segments -Stability: Long-term -""" - segmentReplicationFactor: Int! -""" -Replication factor for the digesters -Stability: Long-term -""" - digestReplicationFactor: Int! -""" -Percentage of all hosts relevant to a particular cluster rebalance operation that need to be alive before we allow the system to automatically execute the operation. Cluster rebalance operations currently include reassigning digest work, and moving existing segments to balance disk usage. Value is between 0 and 100, both inclusive -Stability: Long-term -""" - minHostAlivePercentageToEnableClusterRebalancing: Int! -""" -Whether or not desired digesters are allowed to be updated automatically -Stability: Short-term -""" - allowUpdateDesiredDigesters: Boolean! -""" -true if the cluster should allow moving existing segments between nodes to achieve a better data distribution -Stability: Short-term -""" - allowRebalanceExistingSegments: Boolean! -} - -""" -A node in the a LogScale Cluster. -""" -type ClusterNode { -""" -Stability: Long-term -""" - id: Int! -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - zone: String -""" -Stability: Long-term -""" - uri: String! -""" -Stability: Long-term -""" - uuid: String! -""" -Stability: Long-term -""" - humioVersion: String! -""" -Stability: Short-term -""" - supportedTasks: [NodeTaskEnum!]! -""" -Stability: Short-term -""" - assignedTasks: [NodeTaskEnum!] -""" -Stability: Short-term -""" - unassignedTasks: [NodeTaskEnum!] -""" -Stability: Short-term -""" - consideredAliveUntil: DateTime -""" -Stability: Long-term -""" - clusterInfoAgeSeconds: Float! -""" -The size in GB of data this node needs to receive. -Stability: Long-term -""" - inboundSegmentSize: Float! -""" -The size in GB of data this node has that others need. -Stability: Short-term -""" - outboundSegmentSize: Float! -""" -Stability: Long-term -""" - canBeSafelyUnregistered: Boolean! -""" -Stability: Long-term -""" - reasonsNodeCannotBeSafelyUnregistered: ReasonsNodeCannotBeSafelyUnregistered! -""" -The size in GB of data currently on this node. -Stability: Long-term -""" - currentSize: Float! -""" -The size in GB of the data currently on this node that are in the primary storage location. -Stability: Long-term -""" - primarySize: Float! -""" -The size in GB of the data currently on this node that are in the secondary storage location. Zero if no secondary is configured. -Stability: Long-term -""" - secondarySize: Float! -""" -The total size in GB of the primary storage location on this node. -Stability: Long-term -""" - totalSizeOfPrimary: Float! -""" -The total size in GB of the secondary storage location on this node. Zero if no secondary is configured. -Stability: Long-term -""" - totalSizeOfSecondary: Float! -""" -The size in GB of the free space on this node of the primary storage location. -Stability: Long-term -""" - freeOnPrimary: Float! -""" -The size in GB of the free space on this node of the secondary storage location. Zero if no secondary is configured. -Stability: Long-term -""" - freeOnSecondary: Float! -""" -The size in GB of work-in-progress data files. -Stability: Long-term -""" - wipSize: Float! -""" -The size in GB of data once the node has received the data allocated to it. -Stability: Long-term -""" - targetSize: Float! -""" -The size in GB of data that only exists on this node - i.e. only one replica exists in the cluster. -Stability: Long-term -""" - solitarySegmentSize: Float! -""" -A flag indicating whether the node is considered up or down by the cluster coordinated. This is based on the `lastHeartbeat` field. -Stability: Long-term -""" - isAvailable: Boolean! -""" -The last time a heartbeat was received from the node. -Stability: Long-term -""" - lastHeartbeat: DateTime! -""" -The time since a heartbeat was received from the node. -Stability: Long-term -""" - timeSinceLastHeartbeat: Long! -""" -A flag indicating whether the node is marked for eviction. The Falcon LogScale cluster will start to move segments, digesters and queries away from any node marked for eviction -Stability: Long-term -""" - isBeingEvicted: Boolean -""" -Contains data describing the status of eviction -Stability: Long-term -""" - evictionStatus: EvictionStatus! -""" -True if the machine the node runs on has local segment storage -Stability: Long-term -""" - hasStorageRole: Boolean! -""" -True if the machine the node runs on has the possibility to process kafka partitions -Stability: Long-term -""" - hasDigestRole: Boolean! -""" -The time at which the host booted -Stability: Long-term -""" - bootedAt: DateTime! -""" -The time since last boot -Stability: Long-term -""" - timeSinceBooted: Long! -} - -""" -Global stats for the cluster -""" -type ClusterStats { -""" -Stability: Long-term -""" - compressedByteSize: Long! -""" -Stability: Long-term -""" - uncompressedByteSize: Long! -""" -Stability: Long-term -""" - compressedByteSizeOfMerged: Long! -""" -Stability: Long-term -""" - uncompressedByteSizeOfMerged: Long! -} - -""" -Arguments for concatenateQueries -""" -input ConcatenateQueriesArguments { -""" -Arguments for concatenateQueries -""" - queryStrings: [String!]! -""" -Arguments for concatenateQueries -""" - version: LanguageVersionInputType! -} - -""" -A value denoting some aspect of a cluster connection -""" -enum ConnectionAspect { - Tag - QueryPrefix - Other - TargetView - PublicUrl - Token -} - -""" -A key-value pair from a connection aspect to an error message pertaining to that aspect -""" -type ConnectionAspectErrorType { -""" -A connection aspect -Stability: Short-term -""" - aspect: ConnectionAspect! -""" -An error message for the connection, tagged by the relevant aspect -Stability: Short-term -""" - error: String! -} - -""" -Represents the connection between a view and an underlying repository in another organization. -""" -type CrossOrgViewConnection { -""" -ID of the underlying repository -Stability: Short-term -""" - id: String! -""" -Name of the underlying repository -Stability: Short-term -""" - name: String! -""" -The filter applied to all results from the repository. -Stability: Short-term -""" - filter: String! -""" -Stability: Short-term -""" - languageVersion: LanguageVersion! -""" -ID of the organization containing the underlying repository -Stability: Short-term -""" - orgId: String! -} - -""" -The status the local database of CrowdStrike IOCs -""" -type CrowdStrikeIocStatus { -""" -Stability: Long-term -""" - databaseTables: [IocTableInfo!]! -} - -type CurrentStats { -""" -Stability: Long-term -""" - ingest: Ingest! -""" -Stability: Long-term -""" - storedData: StoredData! -""" -Stability: Long-term -""" - scannedData: ScannedData! -""" -Stability: Long-term -""" - users: UsersLimit! -} - -""" -Query result for current usage -""" -union CurrentUsageQueryResult =QueryInProgress | CurrentStats - -type CustomLinkInteraction { -""" -Stability: Long-term -""" - urlTemplate: String! -""" -Stability: Long-term -""" - openInNewTab: Boolean! -""" -Stability: Long-term -""" - urlEncodeArgs: Boolean! -} - -""" -Represents information about a dashboard. -""" -type Dashboard { -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - description: String - assetType: AssetType! -""" -A YAML formatted string that describes the dashboard. It does not contain links or permissions, and is safe to share and use for making copies of a dashboard. -""" - templateYaml: String! -""" -A YAML formatted string that describes the dashboard. It does not contain links or permissions, and is safe to share and use for making copies of a dashboard. -Stability: Long-term -""" - yamlTemplate: YAML! -""" -Stability: Long-term -""" - displayName: String! -""" -Stability: Long-term -""" - labels: [String!]! -""" -Stability: Long-term -""" - widgets: [Widget!]! -""" -Stability: Long-term -""" - sections: [Section!]! -""" -Stability: Long-term -""" - series: [SeriesConfig!]! -""" -Stability: Long-term -""" - readOnlyTokens: [DashboardLink!]! -""" -Stability: Long-term -""" - filters: [DashboardFilter!]! -""" -Stability: Long-term -""" - parameters: [DashboardParameter!]! -""" -Stability: Long-term -""" - updateFrequency: DashboardUpdateFrequencyType! -""" -Stability: Long-term -""" - isStarred: Boolean! -""" -Stability: Long-term -""" - defaultFilter: DashboardFilter -""" -Stability: Long-term -""" - defaultSharedTimeStart: String! -""" -Stability: Long-term -""" - defaultSharedTimeEnd: String! -""" -Stability: Long-term -""" - timeJumpSizeInMs: Int -""" -Stability: Long-term -""" - defaultSharedTimeEnabled: Boolean! -""" -Stability: Long-term -""" - searchDomain: SearchDomain! -""" -Stability: Long-term -""" - packageId: VersionedPackageSpecifier -""" -Stability: Long-term -""" - package: PackageInstallation -""" -Allowed asset actions -Stability: Preview -""" - allowedActions: [AssetAction!]! -""" -The resource identifier for this dashboard. -Stability: Short-term -""" - resource: String! -} - -""" -A dashboard -""" -type DashboardEntry { -""" -Stability: Preview -""" - dashboard: Dashboard! -} - -""" -A saved configuration for filtering dashboard widgets. -""" -type DashboardFilter { -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - prefixFilter: String! -} - -""" -A token that can be used to access the dashboard without logging in. Useful for e.g. wall mounted dashboards or public dashboards. -""" -type DashboardLink { -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - token: String! -""" -Stability: Long-term -""" - createdBy: String! -""" -The ip filter for the dashboard link. -Stability: Long-term -""" - ipFilter: IPFilter -""" -Ownership of the queries run by this shared dashboard -Stability: Long-term -""" - queryOwnership: QueryOwnership! -} - -type DashboardLinkInteraction { -""" -Stability: Long-term -""" - arguments: [DictionaryEntryType!]! -""" -Stability: Long-term -""" - dashboardReference: DashboardLinkInteractionDashboardReference! -""" -Stability: Long-term -""" - openInNewTab: Boolean! -""" -Stability: Long-term -""" - useWidgetTimeWindow: Boolean! -} - -""" -A reference to a dashboard either by id or name -""" -type DashboardLinkInteractionDashboardReference { -""" -Stability: Long-term -""" - id: String -""" -Stability: Long-term -""" - name: String -""" -Stability: Long-term -""" - repoOrViewName: RepoOrViewName -""" -Stability: Long-term -""" - packageSpecifier: UnversionedPackageSpecifier -} - -""" -A page of dashboards. -""" -type DashboardPage { -""" -Stability: Long-term -""" - pageInfo: PageType! -""" -Stability: Long-term -""" - page: [Dashboard!]! -} - -""" -Represents a dashboard parameter. -""" -interface DashboardParameter { -""" -Represents a dashboard parameter. -""" - id: String! -""" -Represents a dashboard parameter. -""" - label: String! -""" -Represents a dashboard parameter. -""" - defaultValueV2: String -""" -Represents a dashboard parameter. -""" - order: Int -""" -Represents a dashboard parameter. -""" - width: Int -} - -type DashboardTemplate { -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - displayName: String! -""" -Stability: Long-term -""" - yamlTemplate: String! -""" -Stability: Long-term -""" - labels: [String!]! -} - -""" -The frequency at which a dashboard fetches new results for widgets. -""" -union DashboardUpdateFrequencyType =NeverDashboardUpdateFrequency | RealTimeDashboardUpdateFrequency - -""" -A datasource, e.g. file name or system sending data to LogScale. -""" -type Datasource { -""" -Stability: Short-term -""" - name: String! -""" -Stability: Short-term -""" - oldestTimestamp: DateTime! -""" -Stability: Short-term -""" - newestTimestamp: DateTime! -""" -Stability: Short-term -""" - tags: [Tag!]! -""" -The size in Gigabytes of the data from this data source before compression. -Stability: Short-term -""" - sizeAtIngest: Float! -""" -This size in Gigabytes of the data from this data source currently on disk. -Stability: Short-term -""" - sizeOnDisk: Float! -""" -The size in Gigabytes of the data from this data source before compression, but only for the parts that are now part of a merged segment file. -Stability: Short-term -""" - sizeAtIngestOfMerged: Float! -""" -This size in Gigabytes of the data from this data source currently on disk, but only for the parts that are now part of a merged segment file. -Stability: Short-term -""" - sizeOnDiskOfMerged: Float! -} - -""" -Date and time in the ISO-8601 instant format. Example: `2019-12-03T10:15:30.00Z` -""" -scalar DateTime - -""" -A deletion of a set of events. -""" -type DeleteEvents { -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - created: DateTime! -""" -Stability: Long-term -""" - start: DateTime! -""" -Stability: Long-term -""" - end: DateTime! -""" -Stability: Long-term -""" - query: String! -""" -Stability: Long-term -""" - createdByUser: String -""" -Stability: Long-term -""" - languageVersion: LanguageVersion! -} - -""" -Entry into a list of unordered key-value pairs with unique keys -""" -type DictionaryEntryType { -""" -Stability: Long-term -""" - key: String! -""" -Stability: Long-term -""" - value: String! -} - -""" -Asset permissions that can be directly assigned to users or groups -""" -type DirectlyAssignedAssetPermissions { -""" -List of asset permissions -Stability: Preview -""" - assetPermissions: [AssetPermission!]! -""" -Whether permissions were assigned due to asset creator status -Stability: Preview -""" - assignedBecauseOfCreatorStatus: Boolean! -} - -""" -A dynamic configuration. -""" -enum DynamicConfig { - BlockSignup - DisableUserTracking - DisableAnalyticsJob - MaxAccessTokenTTL - RejectIngestOnParserExceedingFraction - QueryPartitionAutoBalance - QueryCoordinatorMaxHeapFraction - PruneCommunityLockedOrganizationsAfterHours - PruneMissingTOSAcceptanceOrganizationsAfterHours - DisableViewWithSameNameCleanup - MaxIngestRequestSize - JoinRowLimit - JoinDefaultLimit - SelfJoinLimit - StateRowLimit - AstDepthLimit - AdHocTablesLimit - QueryMemoryLimit - LiveQueryMemoryLimit - QueryCoordinatorMemoryLimit - GroupDefaultLimit - GroupMaxLimit - RdnsDefaultLimit - RdnsMaxLimit - QueryResultRowCountLimit - AggregatorOutputRowLimit - ParserThrottlingAllocationFactor - UndersizedMergingRetentionPercentage - StaticQueryFractionOfCores - TargetMaxRateForDatasource - VerifySegmentInBucketCompletionIntervalDays - VerifySegmentInBucketHeadOnly - MaxRelocatedDatasourcesInGlobal - DelayIngestResponseDueToIngestLagMaxFactor - DelayIngestResponseDueToIngestLagThreshold - DelayIngestResponseDueToIngestLagScale - SampleIntervalForDatasourceRates - FdrMaxNodesPerFeed - BucketStorageWriteVersion - BucketStorageKeySchemeVersion - BucketStorageUploadInfrequentThresholdDays - MinimumHumioVersion - DebugAuditRequestTrace - FlushSegmentsAndGlobalOnShutdown - GracePeriodBeforeDeletingDeadEphemeralHostsMs - FdrS3FileSizeMax - ArchivingClusterWideStartFrom - ArchivingClusterWideEndAt - ArchivingClusterWideDisabled - ArchivingClusterWideRegexForRepoName - EnableDemoData - MaxNumberOfOrganizations - NumberOfDaysToRemoveStaleOrganizationsAfter - IsAutomaticUpdateCheckingAllowed - ExternalFunctionRequestResponseSizeLimitBytes - ExternalFunctionRequestResponseEventCountLimit - ReplaceANSIEscapeCodes - DisableInconsistencyDetectionJob - DeleteDuplicatedNameViewsAfterMerging - MaxQueryPenaltyCreditForBlockedQueriesFactor - MaxConcurrentQueriesOnWorker - MaxQueryPollsForWorker - MaxOpenSegmentsOnWorker - IngestFeedAwsProcessingDownloadBufferSize - IngestFeedAwsProcessingEventBufferSize - IngestFeedAwsProcessingEventsPerBatch - IngestFeedAwsDownloadMaxObjectSize - IngestFeedGovernorGainPerCore - IngestFeedGovernorCycleDuration - IngestFeedGovernorIngestDelayLow - IngestFeedGovernorIngestDelayHigh - IngestFeedGovernorRateOverride - IngestFeedMaxConcurrentPolls - MaxCsvFileUploadSizeBytes - MaxJsonFileUploadSizeBytes - MatchFilesMaxHeapFraction - LookupTableSyncAwaitSeconds - GraphQLSelectionSizeLimit - UnauthenticatedGraphQLSelectionSizeLimit - QueryBlockMillisOnHighIngestDelay - FileReplicationFactor - QueryBacktrackingLimit - ParserBacktrackingLimit - GraphQlDirectivesAmountLimit - TableCacheMemoryAllowanceFraction - TableCacheMaxStorageFraction - TableCacheMaxStorageFractionForIngestAndHttpOnly - RetentionPreservationStartDt - RetentionPreservationEndDt - RetentionPreservationTag - DisableNewRegexEngine - EnableGlobalJsonStatsLogger - LiveAdhocTableUpdatePeriodMinimumMs - MinQueryPermitsFactor - CorrelateQueryLimit - CorrelateConstraintLimit - CorrelateConstellationTickLimit - CorrelateLinkValuesLimit - CorrelateLinkValuesMaxByteSize - CorrelateNumberOfTimeBuckets - CorrelateQueryEventLimit - MultiPassDefaultIterationLimit - MultiPassMaxIterationLimit - CorrelateMinIterations - GracefulShutdownConsideredAliveSeconds -} - -""" -A key value pair of a dynamic config and the accompanying value. -""" -type DynamicConfigKeyValueType { -""" -The dynamic config key. -Stability: Short-term -""" - dynamicConfigKey: DynamicConfig! -""" -The dynamic config value. -Stability: Short-term -""" - dynamicConfigValue: String! -} - -scalar Email - -""" -Scope of feature flag enablement -""" -enum EnabledInScope { - GlobalScope - OrganizationScope - UserScope - Disabled -} - -enum EntitiesPageDirection { - Previous - Next -} - -input EntitiesPageInputType { - cursor: String! - direction: EntitiesPageDirection! -} - -enum EntitySearchEntityType { - Dashboard - File - Interaction -} - -input EntitySearchInputType { - searchTerm: String - pageSize: Int - paths: [String!] - sortBy: [EntitySearchSortInfoType!] - entityTypes: [EntitySearchEntityType!]! -} - -union EntitySearchResultEntity =ViewInteractionEntry | FileEntry | DashboardEntry - -input EntitySearchSortInfoType { - name: String! - order: EntitySearchSortOrderType! -} - -enum EntitySearchSortOrderType { - Descending - Ascending -} - -enum EnvironmentType { - ON_PREM - ON_CLOUD - ON_COMMUNITY -} - -""" -Usage information -""" -type EnvironmentVariableUsage { -""" -The source for this environment variable. "Environment": the value is from the environment, "Default": variable not found in the environment, but a default value is used, "Missing": no variable or default found -Stability: Short-term -""" - source: String! -""" -Value for this variable -Stability: Short-term -""" - value: String! -""" -Environment variable name -Stability: Short-term -""" - name: String! -} - -""" -An event forwarder -""" -interface EventForwarder { -""" -An event forwarder -""" - id: String! -""" -An event forwarder -""" - name: String! -""" -An event forwarder -""" - description: String! -""" -An event forwarder -""" - enabled: Boolean! -} - -""" -An event forwarder -""" -type EventForwarderForSelection { -""" -Id of the event forwarder -Stability: Long-term -""" - id: String! -""" -Name of the event forwarder -Stability: Long-term -""" - name: String! -""" -Description of the event forwarder -Stability: Long-term -""" - description: String! -""" -Is the event forwarder enabled -Stability: Long-term -""" - enabled: Boolean! -""" -The kind of event forwarder -Stability: Long-term -""" - kind: EventForwarderKind! -} - -""" -The kind of an event forwarder -""" -enum EventForwarderKind { - Kafka -} - -""" -An event forwarding rule -""" -type EventForwardingRule { -""" -The unique id for the event forwarding rule -Stability: Long-term -""" - id: String! -""" -The query string for filtering and mapping the events to forward -Stability: Long-term -""" - queryString: String! -""" -The id of the event forwarder -Stability: Long-term -""" - eventForwarderId: String! -""" -The unix timestamp that the event forwarder was created at -Stability: Long-term -""" - createdAt: Long -""" -Stability: Long-term -""" - languageVersion: LanguageVersion! -} - -""" -Fields that helps describe the status of eviction -""" -type EvictionStatus { -""" -Stability: Long-term -""" - currentlyUnderReplicatedBytes: Long! -""" -Stability: Long-term -""" - totalSegmentBytes: Long! -""" -Stability: Long-term -""" - isDigester: Boolean! -""" -Stability: Long-term -""" - bytesThatExistOnlyOnThisNode: Float! -} - -""" -The specification of an external function. -""" -type ExternalFunctionSpecificationOutput { -""" -The name of the external function. -Stability: Preview -""" - name: String! -""" -The URL for the external function. -Stability: Preview -""" - procedureURL: String! -""" -The parameter specifications for the external function. -Stability: Preview -""" - parameters: [ParameterSpecificationOutput!]! -""" -The description for the external function. -Stability: Preview -""" - description: String! -""" -The kind of external function. This defines how the external function is executed. -Stability: Preview -""" - kind: KindOutput! -} - -""" -Information about an FDR feed. -""" -type FdrFeed { -""" -Id of the FDR feed. -Stability: Long-term -""" - id: String! -""" -Name of the FDR feed. -Stability: Long-term -""" - name: String! -""" -Description of the FDR feed. -Stability: Long-term -""" - description: String -""" -The id of the parser that is used to parse the FDR data. -Stability: Long-term -""" - parserId: String! -""" -AWS client id of the FDR feed. -Stability: Long-term -""" - clientId: String! -""" -AWS SQS queue url of the FDR feed. -Stability: Long-term -""" - sqsUrl: String! -""" -AWS S3 Identifier of the FDR feed. -Stability: Long-term -""" - s3Identifier: String! -""" -Is ingest from the FDR feed enabled? -Stability: Long-term -""" - enabled: Boolean! -} - -""" -Administrator control for an FDR feed -""" -type FdrFeedControl { -""" -Id of the FDR feed. -Stability: Long-term -""" - id: String! -""" -Maximum number of nodes to poll FDR feed with -Stability: Long-term -""" - maxNodes: Int -""" -Maximum amount of files downloaded from s3 in parallel for a single node. -Stability: Long-term -""" - fileDownloadParallelism: Int -} - -enum FeatureAnnouncement { - TriggerSearchPage - TriggerOverview - FleetRemoteUpdatesAndGroups - FilterMatchHighlighting - OrganizationOwnedQueries - Interactions - FieldInteractions - PuffinRebranding - FetchMoreOnFieldsPanel - ToolPanel -} - -""" -Represents a feature flag. -""" -enum FeatureFlag { -""" -Export data to bucket storage. -Stability: Preview -""" - ExportToBucket -""" -Enable repeating queries. Can be used instead of live queries for functions having limitations around live queries. -Stability: Preview -""" - RepeatingQueries -""" -Enable custom ingest tokens not generated by LogScale. -Stability: Preview -""" - CustomIngestTokens -""" -Use new organization limits. -Stability: Preview -""" - NewOrganizationLimits -""" -Enable ArrayFunctions in query language. -THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. -Stability: Preview -""" - ArrayFunctions -""" -Enable geography functions in query language. -THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. -Stability: Preview -""" - GeographyFunctions -""" -Prioritize newer over older segments. -THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. -Stability: Preview -""" - CachePolicies -""" -Enable searching across LogScale clusters. -Stability: Preview -""" - MultiClusterSearch -""" -Enable subdomains for current cluster. -THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. -Stability: Preview -""" - SubdomainForOrganizations -""" -Enable Humio Managed repositories. The customer is not permitted to change certain configurations in a LogScale Managed repository. -THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. -Stability: Preview -""" - ManagedRepositories -""" -Allow users to configure FDR feeds for managed repositories -THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. -Stability: Preview -""" - ManagedRepositoriesAllowFDRConfig -""" -The UsagePage shows data from ingestAfterFieldRemovalSize instead of segmentWriteBytes -Stability: Preview -""" - UsagePageUsingIngestAfterFieldRemovalSize -""" -Enable falcon data connector -Stability: Preview -""" - FalconDataConnector -""" -Flag for testing, does nothing -THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. -Stability: Preview -""" - SleepFunction -""" -Enable login bridge -Stability: Preview -""" - LoginBridge -""" -Enables download of macos installer for logcollector through fleet management -Stability: Preview -""" - MacosInstallerForLogCollector -""" -Enables ephemeral hosts support for fleet management -Stability: Preview -""" - FleetEphemeralHosts -""" -Prevents the archiving logic from splitting segments into multiple archived files based on their tag groups -Stability: Preview -""" - DontSplitSegmentsForArchiving -""" -Enables fleet management collector metrics -Stability: Preview -""" - FleetCollectorMetrics -""" -No currentHosts writes for segments in buckets -Stability: Preview -""" - NoCurrentsForBucketSegments -""" -Force a refresh of ClusterManagementStats cache before calculating UnregisterNodeBlockers in clusterUnregisterNode mutation -Stability: Preview -""" - RefreshClusterManagementStatsInUnregisterNode -""" -Pre-merge mini-segments -Stability: Preview -""" - PreMergeMiniSegments -""" -Use new store for Autosharding rules -Stability: Preview -""" - NewAutoshardRuleStore -""" -Use a new segment file format on write - not readable by older versions -Stability: Preview -""" - WriteNewSegmentFileFormat -""" -When using the new segment file format on write, also do the old solely for comparison -THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. -Stability: Preview -""" - MeasureNewSegmentFileFormat -""" -Enables fleet management collector debug logging -Stability: Preview -""" - FleetCollectorDebugLogging -""" -Resolve field names during codegen rather than for every event -Stability: Preview -""" - ResolveFieldsCodeGen -""" -Enables LogScale Collector remote updates -Stability: Preview -""" - FleetRemoteUpdates -""" -Enables alternate query merge target handling -Stability: Preview -""" - AlternateQueryMergeTargetHandling -""" -Allow digesters to start without having all the minis for the current merge target. Requires the AlternateQueryMergeTargetHandling feature flag to be enabled -Stability: Preview -""" - DigestersDontNeedMergeTargetMinis -""" -Enables labels for fleet management -THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. -Stability: Preview -""" - FleetLabels -""" -Segment rebalancer handles mini segments. Can only take effect when the AlternateQueryMergeTargetHandling and DigestersDontNeedMergeTargetMinis feature flags are also enabled -Stability: Preview -""" - SegmentRebalancerHandlesMinis -""" -Enables dashboards on fleet overview page -THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. -Stability: Preview -""" - FleetOverviewDashboards -""" -Enables archiving for Google Cloud Storage -THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. -Stability: Preview -""" - GoogleCloudArchiving -""" -Enables TablePage UI on fleet management pages. -THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. -Stability: Preview -""" - FleetTablePageUI -""" -Disables periodic ingestOffset pushing for datasources in favor of alternate handling -Stability: Preview -""" - ReplacePeriodicIngestOffsetPushing -""" -Lets the cluster know that non-evicted nodes undergoing a graceful shutdown should be considered alive for 5 minutes with regards to segment rebalancing -Stability: Preview -""" - SetConsideredAliveUntilOnGracefulShutdown -""" -Enables Field Aliasing -Stability: Preview -""" - FieldAliasing -""" -External Functions -THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. -Stability: Preview -""" - ExternalFunctions -""" -Enable the LogScale Query Assistant -THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. -Stability: Preview -""" - QueryAssistant -""" -Enable Flight Control support in cluster -THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. -Stability: Preview -""" - FlightControl -""" -Enables a limit on query backtracking -Stability: Preview -""" - QueryBacktrackingLimit -""" -Adds a derived #repo.cid tag when searching in views or dataspaces within an organization with an associated CID -THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. -Stability: Preview -""" - DerivedCidTag -""" -Live tables -Stability: Preview -""" - LiveTables -""" -Enables graph queries -THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. -Stability: Preview -""" - GraphQueries -""" -Enables the MITRE Detection Annotation function -THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. -Stability: Preview -""" - MitreDetectionAnnotation -""" -Enables having multiple role bindings for a single view in the same group. This feature can only be enabled when min version is at least 1.150.0 -Stability: Preview -""" - MultipleViewRoleBindings -""" -When enabled, queries exceeding the AggregatorOutputRowLimit will get cancelled. When disabled, queries will continue to run, but a log is produced whenever the limit is exceeded. -Stability: Preview -""" - CancelQueriesExceedingAggregateOutputRowLimit -""" -Enables mapping one group to more than one LogScale group with the same lookup name during group synchronization. -THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. -Stability: Preview -""" - OneToManyGroupSynchronization -""" -Enables support specifying the query time interval using the query function setTimeInterval() -Stability: Preview -""" - TimeIntervalInQuery -""" -Enables LLM parser generation -THIS FUNCTIONALITY IS EXPERIMENTAL: Enabling experimental functionality is strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. -Stability: Preview -""" - LlmParserGeneration -""" -Enables the external data source sync job to sync entity data -THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. -Stability: Preview -""" - ExternalDataSourceSyncForEntity -""" -Enables the external data source sync job to sync identity data -THIS FUNCTIONALITY IS RESTRICTED: Enabling this functionality should not be done in any production environment. -Stability: Preview -""" - ExternalDataSourceSyncForIdentity -""" -Use the new query coordination partition logic. -Stability: Preview -""" - UseNewQueryCoordinationPartitions -""" -Use the new sort, head, tail, and table datastructure -Stability: Preview -""" - SortNewDatastructure -} - -""" -Feature flags with details -""" -type FeatureFlagV2 { -""" -Stability: Preview -""" - flag: FeatureFlag! -""" -Stability: Preview -""" - description: String! -""" -Stability: Preview -""" - experimental: Boolean! -} - -type FieldAliasSchema { -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - fields: [SchemaField!]! -""" -Stability: Long-term -""" - instances: [AliasMapping!]! -""" -Stability: Long-term -""" - version: String! -""" -Stability: Long-term -""" - yamlTemplate: YAML! -} - -type FieldAliasSchemasInfo { -""" -Stability: Long-term -""" - schemas: [FieldAliasSchema!]! -""" -Stability: Long-term -""" - activeSchemaOnOrg: String -""" -Stability: Long-term -""" - activeSchemasOnViews: [ActiveSchemaOnView!]! -} - -""" -Field condition comparison operator type -""" -enum FieldConditionOperatorType { - Equal - NotEqual - Contains - NotContains - StartsWith - EndsWith - Present - NotPresent - Unknown -} - -""" -Presentation preferences used when a field is added to table and event list widgets in the UI. -""" -type FieldConfiguration { -""" -The field the configuration is associated with. -Stability: Long-term -""" - fieldName: String! -""" -A JSON object containing the column properties applied to the column when it is added to a widget. -Stability: Long-term -""" - config: JSON! -} - -""" -An assertion that an event output from a parser test case has an expected value for a given field. -""" -type FieldHasValue { -""" -Field to assert on. -Stability: Long-term -""" - fieldName: String! -""" -Value expected to be contained in the field. -Stability: Long-term -""" - expectedValue: String! -} - -""" -A file upload to LogScale for use with the `match` query function. You can see them under the Files page in the UI. -""" -type File { -""" -Stability: Long-term -""" - contentHash: String! -""" -Stability: Long-term -""" - nameAndPath: FileNameAndPath! -""" -Stability: Long-term -""" - createdAt: DateTime! -""" -Stability: Long-term -""" - createdBy: String! -""" -Stability: Long-term -""" - modifiedAt: DateTime! -""" -Stability: Long-term -""" - fileSizeBytes: Long -""" -Stability: Long-term -""" - modifiedBy: String! -""" -Stability: Long-term -""" - packageId: VersionedPackageSpecifier -""" -Stability: Long-term -""" - package: PackageInstallation -""" -Allowed asset actions -Stability: Preview -""" - allowedActions: [AssetAction!]! -""" -The resource identifier for this file. -Stability: Short-term -""" - resource: String! -} - -""" -A file asset -""" -type FileEntry { -""" -Stability: Preview -""" - view: SearchDomain -""" -Stability: Preview -""" - file: File! -} - -""" -A field in a file and what value the field should have for a given entry to pass the filter. -""" -input FileFieldFilterType { -""" -A field in a file and what value the field should have for a given entry to pass the filter. -""" - field: String! -""" -A field in a file and what value the field should have for a given entry to pass the filter. -""" - values: [String!]! -} - -type FileNameAndPath { -""" -Stability: Long-term -""" - name: String! -""" -Paths for files can be one of two types: absolute or relative. -Absolute paths start with a slash, and relative paths start without a slash, like Unix paths. - -Every repository or view in the system is considered a "folder" in its own right, -meaning that every relative path is relative to the current view. -An absolute path points to something that can be addressed from any view, -and a relative path points to a file located inside the view. -If there is no path, it means the file is located at your current location. - -Stability: Long-term -""" - path: String -} - -""" -A filter alert. -""" -type FilterAlert { -""" -Id of the filter alert. -Stability: Long-term -""" - id: String! -""" -Name of the filter alert. -Stability: Long-term -""" - name: String! -""" -Description of the filter alert. -Stability: Long-term -""" - description: String -""" -LogScale query to execute. -Stability: Long-term -""" - queryString: String! -""" -List of ids for actions to fire on query result. -Stability: Long-term -""" - actions: [Action!]! -""" -Labels attached to the filter alert. -Stability: Long-term -""" - labels: [String!]! -""" -Flag indicating whether the filter alert is enabled. -Stability: Long-term -""" - enabled: Boolean! -""" -Throttle time in seconds. -Stability: Long-term -""" - throttleTimeSeconds: Long -""" -A field to throttle on. Can only be set if throttleTimeSeconds is set. -Stability: Long-term -""" - throttleField: String -""" -Unix timestamp for last successful poll of the filter alert query. If this is not quite recent, then the alert might be having problems. -Stability: Long-term -""" - lastSuccessfulPoll: Long -""" -Unix timestamp for last execution of trigger. -Stability: Long-term -""" - lastTriggered: Long -""" -Unix timestamp for last error. -Stability: Long-term -""" - lastErrorTime: Long -""" -Last error encountered while running the filter alert. -Stability: Long-term -""" - lastError: String -""" -Last warnings encountered while running the filter alert. -Stability: Long-term -""" - lastWarnings: [String!]! -""" -YAML specification of the filter alert. -Stability: Long-term -""" - yamlTemplate: YAML! -""" -The id of the package that the alert was installed as part of. -Stability: Long-term -""" - packageId: VersionedPackageSpecifier -""" -User or token used to modify the asset. -Stability: Preview -""" - modifiedInfo: ModifiedInfo! -""" -The package that the alert was installed as part of. -Stability: Long-term -""" - package: PackageInstallation -""" -Ownership of the query run by this alert -Stability: Long-term -""" - queryOwnership: QueryOwnership! -""" -Allowed asset actions -Stability: Preview -""" - allowedActions: [AssetAction!]! -""" -The resource identifier for this filter alert. -Stability: Short-term -""" - resource: String! -} - -""" -The default config for filter alerts. -""" -type FilterAlertConfig { -""" -Maximum trigger limit for filter alerts with one or more email actions. -Stability: Long-term -""" - filterAlertEmailTriggerLimit: Int! -""" -Maximum trigger limit for filter alerts with no email actions. -Stability: Long-term -""" - filterAlertNonEmailTriggerLimit: Int! -} - -type FilterAlertTemplate { -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - displayName: String! -""" -Stability: Long-term -""" - yamlTemplate: YAML! -""" -Stability: Long-term -""" - labels: [String!]! -} - -enum FleetConfiguration__SortBy { - Name - ModifiedBy - Instances - Size - LastModified -} - -enum FleetGroups__SortBy { - Filter - WantedVersion - Collectors - Name -} - -type FleetInstallationToken { -""" -Stability: Short-term -""" - token: String! -""" -Stability: Short-term -""" - jwtToken: String! -""" -Stability: Short-term -""" - name: String! -""" -Stability: Short-term -""" - assignedConfiguration: LogCollectorConfiguration -""" -Stability: Short-term -""" - installationCommands: LogCollectorInstallCommand! -} - -enum FleetInstallationTokens__SortBy { - Name - ConfigName -} - -enum Fleet__SortBy { - Hostname - System - Version - Ingest - LastActivity - ConfigName - CpuAverage5Min - MemoryMax5Min - DiskMax5Min - Change - Labels -} - -""" -Settings for the Java Flight Recorder. -""" -type FlightRecorderSettings { -""" -True if OldObjectSample is enabled -Stability: Preview -""" - oldObjectSampleEnabled: Boolean! -""" -The duration old object sampling will run for before dumping results and restarting -Stability: Preview -""" - oldObjectSampleDurationMinutes: Long! -} - -""" -Archiving configuration for GCS, i.e. bucket and format. -""" -type GCSArchivingConfiguration implements ArchivingConfiguration{ -""" -Bucket name for storing archived data. Example: acme-bucket. -Stability: Preview -""" - bucket: String! -""" -Do not archive logs older than this. -Stability: Preview -""" - startFrom: DateTime -""" -Whether the archiving has been disabled. -Stability: Preview -""" - disabled: Boolean -""" -The format to store the archived data in Google Cloud Storage -Stability: Preview -""" - format: ArchivingFormat -""" -Array of names of tag fields to use in that order in the output file names. -Stability: Preview -""" - tagOrderInName: [String!]! -} - -""" -Data for generating an unsaved aggregate alert object from a library package template -""" -input GenerateAggregateAlertFromPackageTemplateInput { -""" -Data for generating an unsaved aggregate alert object from a library package template -""" - viewName: RepoOrViewName! -""" -Data for generating an unsaved aggregate alert object from a library package template -""" - packageId: VersionedPackageSpecifier! -""" -Data for generating an unsaved aggregate alert object from a library package template -""" - templateName: String! -} - -""" -Data for generating an unsaved aggregate alert object from a yaml template -""" -input GenerateAggregateAlertFromTemplateInput { -""" -Data for generating an unsaved aggregate alert object from a yaml template -""" - viewName: RepoOrViewName! -""" -Data for generating an unsaved aggregate alert object from a yaml template -""" - yamlTemplate: YAML! -} - -""" -Data for generating an unsaved alert object from a library package template -""" -input GenerateAlertFromPackageTemplateInput { -""" -Data for generating an unsaved alert object from a library package template -""" - viewName: RepoOrViewName! -""" -Data for generating an unsaved alert object from a library package template -""" - packageId: VersionedPackageSpecifier! -""" -Data for generating an unsaved alert object from a library package template -""" - templateName: String! -} - -""" -Data for generating an unsaved alert object from a yaml template -""" -input GenerateAlertFromTemplateInput { -""" -Data for generating an unsaved alert object from a yaml template -""" - viewName: RepoOrViewName! -""" -Data for generating an unsaved alert object from a yaml template -""" - yamlTemplate: YAML! -} - -""" -Data for generating an unsaved filter alert object from a library package template -""" -input GenerateFilterAlertFromPackageTemplateInput { -""" -Data for generating an unsaved filter alert object from a library package template -""" - viewName: RepoOrViewName! -""" -Data for generating an unsaved filter alert object from a library package template -""" - packageId: VersionedPackageSpecifier! -""" -Data for generating an unsaved filter alert object from a library package template -""" - templateName: String! -} - -""" -Data for generating an unsaved filter alert object from a yaml template -""" -input GenerateFilterAlertFromTemplateInput { -""" -Data for generating an unsaved filter alert object from a yaml template -""" - viewName: RepoOrViewName! -""" -Data for generating an unsaved filter alert object from a yaml template -""" - yamlTemplate: YAML! -} - -""" -Data for generating an unsaved parser object from a YAML template -""" -input GenerateParserFromTemplateInput { -""" -Data for generating an unsaved parser object from a YAML template -""" - yamlTemplate: YAML! -} - -""" -Data for generating an unsaved scheduled search object from a library package template. -""" -input GenerateScheduledSearchFromPackageTemplateInput { -""" -Data for generating an unsaved scheduled search object from a library package template. -""" - viewName: RepoOrViewName! -""" -Data for generating an unsaved scheduled search object from a library package template. -""" - packageId: VersionedPackageSpecifier! -""" -Data for generating an unsaved scheduled search object from a library package template. -""" - templateName: String! -} - -""" -Data for generating an unsaved scheduled search object from a yaml templat. -""" -input GenerateScheduledSearchFromTemplateInput { -""" -Data for generating an unsaved scheduled search object from a yaml templat. -""" - viewName: RepoOrViewName! -""" -Data for generating an unsaved scheduled search object from a yaml templat. -""" - yamlTemplate: YAML! -} - -""" -The input required to get an external function specification. -""" -input GetExternalFunctionInput { -""" -The input required to get an external function specification. -""" - name: String! -""" -The input required to get an external function specification. -""" - view: String! -} - -""" -A group. -""" -type Group { -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - displayName: String! -""" -Stability: Long-term -""" - defaultQueryPrefix: String -""" -Stability: Long-term -""" - defaultRole: Role -""" -Stability: Long-term -""" - defaultSearchDomainCount: Int! -""" -Stability: Long-term -""" - lookupName: String -""" -Stability: Long-term -""" - searchDomainCount: Int! -""" -Stability: Long-term -""" - roles: [SearchDomainRole!]! -""" -Stability: Long-term -""" - searchDomainRoles( - searchDomainId: String - ): [SearchDomainRole!]! - searchDomainRolesByName( - searchDomainName: String! - ): SearchDomainRole -""" -Stability: Long-term -""" - searchDomainRolesBySearchDomainName( - searchDomainName: String! - ): [SearchDomainRole!]! -""" -Get allowed asset actions for the group on a specific asset and explain how it has gotten this access -Stability: Preview -""" - allowedAssetActionsBySource( -""" -Id of the asset -""" - assetId: String! -""" -The type of the asset. -""" - assetType: AssetPermissionsAssetType! - searchDomainId: String - ): GroupAssetActionsBySource! -""" -Search for asset permissions for the group. Only search for asset name is supported with regards to the searchFilter argument. -Stability: Preview -""" - searchAssetPermissions( -""" -Filter results based on this string -""" - searchFilter: String -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int -""" -Choose the order in which the results are returned. -""" - orderBy: OrderBy -""" -The sort by options for assets. Asset name is default -""" - sortBy: SortBy -""" -List of asset types -""" - assetTypes: [AssetPermissionsAssetType!] -""" -List of search domain id's to search within. Null or empty list is interpreted as all search domains -""" - searchDomainIds: [String!] -""" -Include Read, Update and/or Delete permission assignments. The filter will accept all assets if the argument Null or the empty list. -""" - permissions: [AssetAction!] - ): AssetPermissionSearchResultSet! -""" -Stability: Long-term -""" - systemRoles: [GroupSystemRole!]! -""" -Stability: Long-term -""" - organizationRoles: [GroupOrganizationRole!]! -""" -Stability: Long-term -""" - queryPrefixes( - onlyIncludeRestrictiveQueryPrefixes: Boolean - onlyForRoleWithId: String - onlyForViewWithId: String - ): [QueryPrefixes!]! -""" -Stability: Long-term -""" - userCount: Int! -""" -Stability: Long-term -""" - users: [User!]! -""" -Stability: Long-term -""" - searchUsers( -""" -Filter results based on this string -""" - searchFilter: String -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int -""" -The value to sort the result set by. -""" - sortBy: OrderByUserField -""" -Choose the order in which the results are returned. -""" - orderBy: OrderBy - ): UserResultSetType! -""" -Stability: Long-term -""" - permissionType: PermissionType -} - -""" -Asset actions given by a group for a specific asset -""" -type GroupAssetActionsBySource implements AssetActionsBySource{ -""" -Stability: Preview -""" - group: Group -""" -List of roles assigned to the user or group and the asset actions they allow -Stability: Preview -""" - assetActionsByRoles: [AssetActionsByRole!]! -""" -Asset permissions assigned directly to the user or group -Stability: Preview -""" - directlyAssigned: DirectlyAssignedAssetPermissions! -} - -input GroupFilter { - oldQuery: String - newQuery: String! -} - -type GroupFilterInfo { -""" -Stability: Short-term -""" - total: Int! -""" -Stability: Short-term -""" - added: Int! -""" -Stability: Short-term -""" - removed: Int! -""" -Stability: Short-term -""" - noChange: Int! -} - -""" -The organization roles of the group. -""" -type GroupOrganizationRole { -""" -Stability: Long-term -""" - role: Role! -} - -""" -A page of groups in an organization. -""" -type GroupPage { -""" -Stability: Long-term -""" - pageInfo: PageType! -""" -Stability: Long-term -""" - page: [Group!]! -} - -""" -The groups query result set. -""" -type GroupResultSetType { -""" -The total number of matching results -Stability: Long-term -""" - totalResults: Int! -""" -The paginated result set -Stability: Long-term -""" - results: [Group!]! -} - -""" -The role assigned to a group in a SearchDomain -""" -type GroupSearchDomainRole { -""" -Stability: Long-term -""" - role: Role! -""" -Stability: Long-term -""" - searchDomain: SearchDomain! -""" -Stability: Long-term -""" - group: Group! -} - -""" -The system roles of the group. -""" -type GroupSystemRole { -""" -Stability: Long-term -""" - role: Role! -} - -enum GroupsOrUsersFilter { - Users - Groups -} - -""" -Health status of the service -""" -type HealthStatus { -""" -The latest status from the service -Stability: Preview -""" - status: String! -""" -The latest health status message from the service -Stability: Preview -""" - message: String! -} - -""" -Represents information about the LogScale instance. -""" -type HumioMetadata { -""" -Returns enabled features that are likely in beta. -Stability: Short-term -""" - isFeatureFlagEnabled( - feature: FeatureFlag! - ): Boolean! -""" -Stability: Long-term -""" - externalPermissions: Boolean! -""" -Stability: Long-term -""" - version: String! -""" -An indication whether or not the cluster is being updated. This is based off of differences in the cluster node versions. -Stability: Preview -""" - isClusterBeingUpdated: Boolean! -""" -The lowest detected node version in the cluster. -Stability: Preview -""" - minimumNodeVersion: String! -""" -Stability: Long-term -""" - environment: EnvironmentType! -""" -Stability: Long-term -""" - clusterId: String! -""" -Stability: Short-term -""" - falconDataConnectorUrl: String -""" -Stability: Long-term -""" - regions: [RegionSelectData!]! -""" -List of supported AWS regions -Stability: Long-term -""" - awsRegions: [String!]! -""" -Cluster AWS IAM role arn (Amazon Resource Name) used to assume role for ingest feeds -Stability: Long-term -""" - ingestFeedAwsRoleArn: String -""" -Configuration status for AWS ingest feeds. -Stability: Long-term -""" - awsIngestFeedsConfigurationStatus: IngestFeedConfigurationStatus! -""" -Stability: Short-term -""" - sharedDashboardsEnabled: Boolean! -""" -Stability: Short-term -""" - personalUserTokensEnabled: Boolean! -""" -Stability: Long-term -""" - globalAllowListEmailActionsEnabled: Boolean! -""" -Stability: Long-term -""" - isAutomaticUpdateCheckingEnabled: Boolean! -""" -The authentication method used for the cluster node -Stability: Long-term -""" - authenticationMethod: AuthenticationMethod! -""" -Stability: Short-term -""" - organizationMultiMode: Boolean! -""" -Stability: Short-term -""" - organizationMode: OrganizationMode! -""" -Stability: Short-term -""" - sandboxesEnabled: Boolean! -""" -Stability: Short-term -""" - externalGroupSynchronization: Boolean! -""" -Stability: Long-term -""" - allowActionsNotUseProxy: Boolean! -""" -Stability: Long-term -""" - isUsingSmtp: Boolean! -""" -Stability: Short-term -""" - isPendingUsersEnabled: Boolean! -""" -Stability: Long-term -""" - scheduledSearchMaxBackfillLimit: Int -""" -Stability: Short-term -""" - isExternalManaged: Boolean! -""" -Stability: Short-term -""" - isApiExplorerEnabled: Boolean! -""" -Stability: Short-term -""" - isScheduledReportEnabled: Boolean! -""" -Stability: Short-term -""" - eulaUrl: String! -""" -The time in ms after which a repository has been marked for deletion it will no longer be restorable. -Stability: Long-term -""" - deleteBackupAfter: Long! -""" -Stability: Short-term -""" - maxCsvFileUploadSizeBytes: Long! -""" -Stability: Short-term -""" - maxJsonFileUploadSizeBytes: Long! -""" -The filter alert config. -""" - filterAlertConfig: FilterAlertConfig! -} - -""" -A LogScale query -""" -type HumioQuery { -""" -Stability: Long-term -""" - languageVersion: LanguageVersion! -""" -Stability: Long-term -""" - queryString: String! -""" -Stability: Long-term -""" - arguments: [DictionaryEntryType!]! -""" -Stability: Long-term -""" - start: String! -""" -Stability: Long-term -""" - end: String! -""" -Stability: Long-term -""" - isLive: Boolean! -} - -""" -An IP Filter -""" -type IPFilter { -""" -The unique id for the ip filter -Stability: Long-term -""" - id: String! -""" -The name for the ip filter -Stability: Long-term -""" - name: String! -""" -The ip filter -Stability: Long-term -""" - ipFilter: String! -} - -type IdentityProviderAuth { -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - authenticationMethod: AuthenticationMethodAuth! -} - -""" -An Identity Provider -""" -interface IdentityProviderAuthentication { -""" -An Identity Provider -""" - id: String! -""" -An Identity Provider -""" - name: String! -""" -An Identity Provider -""" - defaultIdp: Boolean! -""" -An Identity Provider -""" - humioManaged: Boolean! -""" -An Identity Provider -""" - lazyCreateUsers: Boolean! -""" -An Identity Provider -""" - domains: [String!]! -""" -An Identity Provider -""" - debug: Boolean! -} - -type Ingest { -""" -Stability: Long-term -""" - currentBytes: Long! -""" -Stability: Long-term -""" - limit: UsageLimit! -} - -""" -An ingest feed. -""" -type IngestFeed { -""" -Id of the ingest feed. -Stability: Long-term -""" - id: String! -""" -Name of the ingest feed. -Stability: Long-term -""" - name: String! -""" -Description of the ingest feed. -Stability: Long-term -""" - description: String -""" -Parser used to parse the ingest feed. -Stability: Long-term -""" - parser: Parser -""" -Is ingest from the ingest feed enabled? -Stability: Long-term -""" - enabled: Boolean! -""" -The source which this ingest feed will ingest from -Stability: Long-term -""" - source: IngestFeedSource! -""" -Unix timestamp for when this feed was created -Stability: Long-term -""" - createdAt: Long! -""" -Details about how the ingest feed is running -Stability: Long-term -""" - executionInfo: IngestFeedExecutionInfo -} - -""" -How to authenticate to AWS. -""" -union IngestFeedAwsAuthentication =IngestFeedAwsAuthenticationIamRole - -""" -IAM role authentication -""" -type IngestFeedAwsAuthenticationIamRole { -""" -Arn of the role to be assumed -Stability: Long-term -""" - roleArn: String! -""" -External Id to the role to be assumed -Stability: Long-term -""" - externalId: String! -} - -""" -Compression scheme of the file. -""" -enum IngestFeedCompression { - Auto - Gzip - None -} - -""" -Represents the configuration status of the ingest feed feature on the cluster -""" -type IngestFeedConfigurationStatus { -""" -Stability: Long-term -""" - isConfigured: Boolean! -} - -""" -Details about how the ingest feed is running -""" -type IngestFeedExecutionInfo { -""" -Unix timestamp of the latest activity for the feed -Stability: Long-term -""" - latestActivity: Long -""" -Details about the status of the ingest feed -Stability: Long-term -""" - statusMessage: IngestFeedStatus -} - -""" -The preprocessing to apply to an ingest feed before parsing. -""" -union IngestFeedPreprocessing =IngestFeedPreprocessingSplitNewline | IngestFeedPreprocessingSplitAwsRecords - -""" -The kind of preprocessing to do. -""" -enum IngestFeedPreprocessingKind { -""" -Interpret the input as AWS JSON record format and emit each record as an event -""" - SplitAwsRecords -""" -Interpret the input as newline-delimited and emit each line as an event -""" - SplitNewline -} - -""" -Interpret the input as AWS JSON record format and emit each record as an event -""" -type IngestFeedPreprocessingSplitAwsRecords { -""" -The kind of preprocessing to do. -Stability: Long-term -""" - kind: IngestFeedPreprocessingKind! -} - -""" -Interpret the input as newline-delimited and emit each line as an event -""" -type IngestFeedPreprocessingSplitNewline { -""" -The kind of preprocessing to do. -Stability: Long-term -""" - kind: IngestFeedPreprocessingKind! -} - -""" -The ingest feed query result set -""" -type IngestFeedQueryResultSet { -""" -The total number of matching results -Stability: Long-term -""" - totalResults: Int! -""" -The paginated result set -Stability: Long-term -""" - results: [IngestFeed!]! -} - -""" -An ingest feed that polls data from S3 and is notified via SQS -""" -type IngestFeedS3SqsSource { -""" -AWS SQS queue url. -Stability: Long-term -""" - sqsUrl: String! -""" -The preprocessing to apply to an ingest feed before parsing. -Stability: Long-term -""" - preprocessing: IngestFeedPreprocessing! -""" -How to authenticate to AWS. -Stability: Long-term -""" - awsAuthentication: IngestFeedAwsAuthentication! -""" -Compression scheme of the file. -Stability: Long-term -""" - compression: IngestFeedCompression! -""" -The AWS region to connect to. -Stability: Long-term -""" - region: String! -} - -""" -The source from which to download from an ingest feed. -""" -union IngestFeedSource =IngestFeedS3SqsSource - -""" -Details about the status of the ingest feed -""" -type IngestFeedStatus { -""" -Description of the problem with the ingest feed -Stability: Long-term -""" - problem: String! -""" -Terse description of the problem with the ingest feed -Stability: Long-term -""" - terseProblem: String -""" -Timestamp, in milliseconds, of when the status message was set -Stability: Long-term -""" - statusTimestamp: Long! -""" -Cause of the problem with the ingest feed -Stability: Long-term -""" - cause: IngestFeedStatusCause -} - -""" -Details about the cause of the problem -""" -type IngestFeedStatusCause { -""" -Description of the cause of the problem -Stability: Long-term -""" - cause: String! -""" -Terse description of the cause of the problem -Stability: Long-term -""" - terseCause: String -} - -enum IngestFeeds__SortBy { - CreatedTimeStamp - Name -} - -enum IngestFeeds__Type { - AwsS3Sqs -} - -""" -Ingest Listeners listen on a port for UDP or TCP traffic, used with SysLog. -""" -type IngestListener { -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - repository: Repository! -""" -The TCP/UDP port to listen to. -Stability: Long-term -""" - port: Int! -""" -The network protocol data is sent through. -Stability: Long-term -""" - protocol: IngestListenerProtocol! -""" -The charset used to decode the event stream. Available charsets depend on the JVM running the LogScale instance. Names and aliases can be found at http://www.iana.org/assignments/character-sets/character-sets.xhtml -Stability: Long-term -""" - charset: String! -""" -Specify which host should open the socket. By default this field is empty and all hosts will open a socket. This field can be used to select only one host to open the socket. -Stability: Long-term -""" - vHost: Int -""" -Stability: Long-term -""" - name: String! -""" -The ip address this listener will bind to. By default (leaving this field empty) it will bind to 0.0.0.0 - all interfaces. Using this field it is also possible to specify the address to bind to. In a cluster setup it is also possible to specify if only one machine should open a socket - The vhost field is used for that. -Stability: Long-term -""" - bindInterface: String! -""" -The parser configured to parse data for the listener. This returns null if the parser has been removed since the listener was created. -Stability: Long-term -""" - parser: Parser -} - -""" -The network protocol a ingest listener uses. -""" -enum IngestListenerProtocol { -""" -UDP Protocol -""" - UDP -""" -TCP Protocol -""" - TCP -""" -Gelf over UDP Protocol -""" - GELF_UDP -""" -Gelf over TCP Protocol -""" - GELF_TCP -""" -Netflow over UDP -""" - NETFLOW_UDP -} - -""" -A cluster ingest partition. It assigns cluster nodes with the responsibility of ingesting data. -""" -type IngestPartition { -""" -Stability: Long-term -""" - id: Int! -""" -The ids of the node responsible executing real-time queries for the partition and writing events to time series. The list is ordered so that the first node is the primary node and the rest are followers ready to take over if the primary fails. -Stability: Long-term -""" - nodeIds: [Int!]! -} - -""" -An API ingest token used for sending data to LogScale. -""" -type IngestToken { -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - token: String! -""" -Stability: Long-term -""" - parser: Parser -} - -""" -The status of an IOC database table -""" -type IocTableInfo { -""" -The name of the indicator type in this table -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - status: IocTableStatus! -""" -The number of milliseconds since epoch that the IOC database was last updated -Stability: Long-term -""" - lastUpdated: Long -""" -The number of indicators in the database -Stability: Long-term -""" - count: Int! -} - -enum IocTableStatus { - Unauthorized - Unavailable - Ok -} - -""" -Represents information about the IP database used by LogScale -""" -type IpDatabaseInfo { -""" -The absolute file path of the file containing the database -Stability: Long-term -""" - dbFilePath: String! -""" -The update strategy used for the IP Database -Stability: Long-term -""" - updateStrategy: String! -""" -Metadata about the IP Database used by LogScale -Stability: Long-term -""" - metadata: IpDatabaseMetadata -} - -""" -Represents metadata about the IP database used by LogScale -""" -type IpDatabaseMetadata { -""" -The type of database -Stability: Long-term -""" - type: String! -""" -The date on which the database was build -Stability: Long-term -""" - buildDate: DateTime! -""" -The description of the database -Stability: Long-term -""" - description: String! -""" -The md5 hash of the file containing the database -Stability: Long-term -""" - dbFileMd5: String! -} - -scalar JSON - -type KafkaClusterDescription { -""" -Stability: Short-term -""" - clusterID: String! -""" -Stability: Short-term -""" - nodes: [KafkaNode!]! -""" -Stability: Short-term -""" - controller: KafkaNode! -""" -Stability: Short-term -""" - logDirDescriptions: [KafkaLogDir!]! -""" -Stability: Short-term -""" - globalEventsTopic: KafkaTopicDescription! -""" -Stability: Short-term -""" - ingestTopic: KafkaTopicDescription! -""" -Stability: Short-term -""" - chatterTopic: KafkaTopicDescription! -} - -type KafkaLogDir { -""" -Stability: Short-term -""" - nodeID: Int! -""" -Stability: Short-term -""" - path: String! -""" -Stability: Short-term -""" - error: String -""" -Stability: Short-term -""" - topicPartitions: [KafkaNodeTopicPartitionLogDescription!]! -} - -type KafkaNode { -""" -Stability: Short-term -""" - id: Int! -""" -Stability: Short-term -""" - host: String -""" -Stability: Short-term -""" - port: Int! -""" -Stability: Short-term -""" - rack: String -} - -type KafkaNodeTopicPartitionLogDescription { -""" -Stability: Short-term -""" - topicPartition: KafkaTopicPartition! -""" -Stability: Short-term -""" - offset: Long! -""" -Stability: Short-term -""" - size: Long! -""" -Stability: Short-term -""" - isFuture: Boolean! -} - -type KafkaTopicConfig { -""" -Stability: Short-term -""" - key: String! -""" -Stability: Short-term -""" - value: String! -} - -type KafkaTopicConfigs { -""" -Stability: Short-term -""" - configs: [KafkaTopicConfig!]! -""" -Stability: Short-term -""" - defaultConfigs: [KafkaTopicConfig!]! -} - -type KafkaTopicDescription { -""" -Stability: Short-term -""" - name: String! -""" -Stability: Short-term -""" - config: KafkaTopicConfigs! -""" -Stability: Short-term -""" - partitions: [KafkaTopicPartitionDescription!]! -} - -""" -Kafka Topic Partition -""" -type KafkaTopicPartition { -""" -Stability: Short-term -""" - topic: String! -""" -Stability: Short-term -""" - partition: Int! -} - -type KafkaTopicPartitionDescription { -""" -Stability: Short-term -""" - partition: Int! -""" -Stability: Short-term -""" - leader: Int! -""" -Stability: Short-term -""" - replicas: [Int!]! -""" -Stability: Short-term -""" - inSyncReplicas: [Int!]! -} - -""" -The kind of the external function -""" -enum KindEnum { - Source - General - Enrichment -} - -""" -Defines how the external function is executed. -""" -type KindOutput { -""" -The name of the kind of external function. -Stability: Preview -""" - name: KindEnum! -""" -The parameters that specify the key fields. Use for the 'Enrichment' functions. -Stability: Preview -""" - parametersDefiningKeyFields: [String!] -""" -The names of the keys when they're returned from the external function. Use for the 'Enrichment' functions. -Stability: Preview -""" - fixedKeyFields: [String!] -} - -type LanguageVersion { -""" -If non-null, this is a version known by the current version of LogScale. -Stability: Long-term -""" - name: LanguageVersionEnum -""" -If non-null, this is a version stored by a future LogScale version. -Stability: Long-term -""" - futureName: String -""" -The language version. -Stability: Long-term -""" - version: LanguageVersionOutputType! -""" -If false, this version isn't recognized by the current version of LogScale. -It must have been stored by a future LogScale version. -This can happen if LogScale was upgraded, and subsequently downgraded (rolled back). -Stability: Long-term -""" - isKnown: Boolean! -} - -""" -The version of the LogScale query language to use. -""" -enum LanguageVersionEnum { - legacy - xdr1 - xdrdetects1 - filteralert - federated1 -} - -""" -A specific language version. -""" -input LanguageVersionInputType { -""" -A specific language version. -""" - name: String! -} - -""" -A specific language version. -""" -type LanguageVersionOutputType { -""" -The name of the language version. The name is case insensitive. -Stability: Long-term -""" - name: String! -} - -""" -Represents information about the LogScale instance. -""" -interface License { -""" -Represents information about the LogScale instance. -""" - expiresAt: DateTime! -""" -Represents information about the LogScale instance. -""" - issuedAt: DateTime! -} - -""" -A Limit added to the organization. -""" -type Limit { -""" -The limit name -Stability: Long-term -""" - limitName: String! -""" -If the limit allows logging in -Stability: Long-term -""" - allowLogin: Boolean! -""" -The daily ingest allowed for the limit -Stability: Long-term -""" - dailyIngest: Long! -""" -The retention in days allowed for the limit -Stability: Long-term -""" - retention: Int! -""" -If the limit allows self service -Stability: Long-term -""" - allowSelfService: Boolean! -""" -The deleted date for the limit -Stability: Long-term -""" - deletedDate: Long -} - -""" -A Limit added to the organization. -""" -type LimitV2 { -""" -The id -Stability: Long-term -""" - id: String! -""" -The limit name -Stability: Long-term -""" - limitName: String! -""" -The display name of the limit -Stability: Long-term -""" - displayName: String! -""" -If the limit allows logging in -Stability: Long-term -""" - allowLogin: Boolean! -""" -The daily ingest allowed for the limit -Stability: Long-term -""" - dailyIngest: contractual! -""" -The amount of storage allowed for the limit -Stability: Long-term -""" - storageLimit: contractual! -""" -The data scanned measurement allowed for the limit -Stability: Long-term -""" - dataScannedLimit: contractual! -""" -The usage measurement type used for the limit -Stability: Long-term -""" - measurementPoint: Organizations__MeasurementType! -""" -The user seats allowed for the limit -Stability: Long-term -""" - userLimit: contractual! -""" -The number of repositories allowed for the limit -Stability: Long-term -""" - repoLimit: Int -""" -The retention in days for the limit, that's the contracted value -Stability: Long-term -""" - retention: Int! -""" -The max retention in days allowed for the limit, this can be greater than or equal to retention -Stability: Long-term -""" - maxRetention: Int! -""" -If the limit allows self service -Stability: Long-term -""" - allowSelfService: Boolean! -""" -The deleted date for the limit -Stability: Long-term -""" - deletedDate: Long -""" -The expiration date for the limit -Stability: Long-term -""" - expirationDate: Long -""" -If the limit is a trial -Stability: Long-term -""" - trial: Boolean! -""" -If the customer is allowed flight control -Stability: Long-term -""" - allowFlightControl: Boolean! -""" -Data type for the limit, all repositories linked to the limit will get this datatype logged in usage -Stability: Long-term -""" - dataType: String! -""" -Repositories attached to the limit -Stability: Long-term -""" - repositories: [Repository!]! -} - -""" -All data related to a scheduled report accessible with a readonly scheduled report access token -""" -type LimitedScheduledReport { -""" -Id of the scheduled report. -Stability: Long-term -""" - id: String! -""" -Name of the scheduled report. -Stability: Long-term -""" - name: String! -""" -Description of the scheduled report. -Stability: Long-term -""" - description: String! -""" -Name of the dashboard referenced by the report. -Stability: Long-term -""" - dashboardName: String! -""" -Display name of the dashboard referenced by the report. -Stability: Long-term -""" - dashboardDisplayName: String! -""" -Shared time interval of the dashboard referenced by the report. -Stability: Long-term -""" - dashboardSharedTimeInterval: SharedDashboardTimeInterval -""" -Widgets of the dashboard referenced by the report. -Stability: Long-term -""" - dashboardWidgets: [Widget!]! -""" -Sections of the dashboard referenced by the report. -Stability: Long-term -""" - dashboardSections: [Section!]! -""" -Series configurations of the dashboard referenced by the report. -Stability: Long-term -""" - dashboardSeries: [SeriesConfig!]! -""" -The name of the repository or view queries are executed against. -Stability: Long-term -""" - repoOrViewName: RepoOrViewName! -""" -Layout of the scheduled report. -Stability: Long-term -""" - layout: ScheduledReportLayout! -""" -Timezone of the schedule. Examples include UTC, Europe/Copenhagen. -Stability: Long-term -""" - timeZone: String! -""" -List of parameter value configurations. -Stability: Long-term -""" - parameters: [ParameterValue!]! -""" -The resource identifier for this scheduled report. -Stability: Short-term -""" - resource: String! -} - -""" -The status of a local cluster connection. -""" -type LocalClusterConnectionStatus implements ClusterConnectionStatus{ -""" -Name of the local view -Stability: Short-term -""" - viewName: String -""" -Id of the connection -Stability: Short-term -""" - id: String -""" -Whether the connection is valid -Stability: Short-term -""" - isValid: Boolean! -""" -Errors if the connection is invalid -Stability: Short-term -""" - errorMessages: [ConnectionAspectErrorType!]! -} - -""" -A fleet search result entry -""" -type LogCollector { -""" -If the collector is enrolled this is its id -Stability: Short-term -""" - id: String -""" -The hostname -Stability: Short-term -""" - hostname: String! -""" -The host system -Stability: Short-term -""" - system: String! -""" -Version -Stability: Short-term -""" - version: String! -""" -Last activity recorded -Stability: Short-term -""" - lastActivity: String! -""" -Ingest last 24h. -Stability: Short-term -""" - ingestLast24H: Long! -""" -Ip address -Stability: Short-term -""" - ipAddress: String -""" - -Stability: Short-term -""" - logSources: [LogCollectorLogSource!]! -""" -Log collector machineId -Stability: Short-term -""" - machineId: String! -""" -contains the name of any manually assigned config -Stability: Short-term -""" - configName: String -""" -contains the id of any manually assigned config -Stability: Short-term -""" - configId: String -""" -Stability: Short-term -""" - configurations: [LogCollectorConfigInfo!]! -""" -Stability: Short-term -""" - errors: [String!]! -""" -Stability: Short-term -""" - cfgTestId: String -""" -Stability: Short-term -""" - cpuAverage5Min: Float -""" -Stability: Short-term -""" - memoryMax5Min: Long -""" -Stability: Short-term -""" - diskMax5Min: Float -""" -Stability: Short-term -""" - change: Changes -""" -Stability: Short-term -""" - groups: [LogCollectorGroup!]! -""" -Stability: Short-term -""" - wantedVersion: String -""" -Stability: Short-term -""" - debugLogging: LogCollectorDebugLogging -""" -Stability: Short-term -""" - timeOfUpdate: DateTime -""" -Stability: Short-term -""" - usesRemoteUpdate: Boolean! -""" -Stability: Short-term -""" - ephemeralTimeout: Int -""" -Stability: Short-term -""" - status: LogCollectorStatusType -""" -Stability: Short-term -""" - labels: [LogCollectorLabel!]! -} - -type LogCollectorConfigInfo { -""" -Stability: Short-term -""" - id: String! -""" -Stability: Short-term -""" - name: String! -""" -Stability: Short-term -""" - group: LogCollectorGroup -""" -Stability: Short-term -""" - assignment: LogCollectorConfigurationAssignmentType! -} - -""" -A configuration file for a log collector -""" -type LogCollectorConfiguration { -""" - -Stability: Short-term -""" - id: String! -""" - -Stability: Short-term -""" - name: String! -""" - -Stability: Short-term -""" - yaml: String -""" - -Stability: Short-term -""" - draft: String -""" - -Stability: Short-term -""" - version: Int! -""" - -Stability: Short-term -""" - yamlCharactersCount: Int! -""" -Stability: Short-term -""" - modifiedAt: DateTime! -""" -Stability: Short-term -""" - draftModifiedAt: DateTime -""" -Stability: Short-term -""" - modifiedBy: String! -""" -Stability: Short-term -""" - instances: Int! -""" -Stability: Short-term -""" - description: String -""" -Stability: Short-term -""" - isTestRunning: Boolean! -} - -enum LogCollectorConfigurationAssignmentType { - Group - Manual - Test -} - -type LogCollectorConfigurationProblemAtPath { -""" -Stability: Short-term -""" - summary: String! -""" -Stability: Short-term -""" - details: String -""" -Stability: Short-term -""" - path: String! -""" -Stability: Short-term -""" - number: Int! -} - -union LogCollectorDebugLogging =LogCollectorDebugLoggingStatic - -type LogCollectorDebugLoggingStatic { -""" -Stability: Short-term -""" - url: String -""" -Stability: Short-term -""" - token: String! -""" -Stability: Short-term -""" - level: String! -""" -Stability: Short-term -""" - repository: String -} - -""" -Details about a Log Collector -""" -type LogCollectorDetails { -""" -If the collector is enrolled this is its id -Stability: Short-term -""" - id: String -""" -The hostname -Stability: Short-term -""" - hostname: String! -""" -The host system -Stability: Short-term -""" - system: String! -""" -Version -Stability: Short-term -""" - version: String! -""" -Last activity recorded -Stability: Short-term -""" - lastActivity: String! -""" -Ip address -Stability: Short-term -""" - ipAddress: String -""" - -Stability: Short-term -""" - logSources: [LogCollectorLogSource!]! -""" -Log collector machineId -Stability: Short-term -""" - machineId: String! -""" -Stability: Short-term -""" - configurations: [LogCollectorConfigInfo!]! -""" -Stability: Short-term -""" - errors: [String!]! -""" -Stability: Short-term -""" - cpuAverage5Min: Float -""" -Stability: Short-term -""" - memoryMax5Min: Long -""" -Stability: Short-term -""" - diskMax5Min: Float -""" -Stability: Short-term -""" - ephemeralTimeout: Int -""" -Stability: Short-term -""" - status: LogCollectorStatusType -} - -type LogCollectorGroup { -""" -Stability: Short-term -""" - id: String! -""" -Stability: Short-term -""" - name: String! -""" -Stability: Short-term -""" - filter: String -""" -Stability: Short-term -""" - configurations: [LogCollectorConfiguration!]! -""" -Stability: Short-term -""" - collectorCount: Int -""" -Stability: Short-term -""" - wantedVersion: String -""" -Stability: Short-term -""" - onlyUsesRemoteUpdates: Boolean! -} - -type LogCollectorInstallCommand { -""" -Stability: Short-term -""" - windowsCommand: String! -""" -Stability: Short-term -""" - linuxCommand: String! -""" -Stability: Short-term -""" - macosCommand: String! -} - -""" -Provides information about an installer of the LogScale Collector. -""" -type LogCollectorInstaller { -""" -Installer file name -Stability: Short-term -""" - name: String! -""" -URL to fetch installer from -Stability: Short-term -""" - url: String! -""" -LogScale Collector version -Stability: Short-term -""" - version: String! -""" -Installer CPU architecture -Stability: Short-term -""" - architecture: String! -""" -Installer type (deb, rpm or msi) -Stability: Short-term -""" - type: String! -""" -Installer file size -Stability: Short-term -""" - size: Int! -""" -Config file example -Stability: Short-term -""" - configExample: String -""" -Icon file name -Stability: Short-term -""" - icon: String -} - -type LogCollectorLabel { -""" -Stability: Short-term -""" - name: String! -""" -Stability: Short-term -""" - value: String! -} - -type LogCollectorLogSource { -""" - -Stability: Short-term -""" - sourceName: String! -""" - -Stability: Short-term -""" - sourceType: String! -""" - -Stability: Short-term -""" - sinkType: String! -""" - -Stability: Short-term -""" - parser: String -""" - -Stability: Short-term -""" - repository: String -} - -type LogCollectorMergedConfiguration { -""" -Stability: Short-term -""" - problems: [LogCollectorConfigurationProblemAtPath!]! -""" -Stability: Short-term -""" - content: String! -} - -enum LogCollectorStatusType { - Error - OK -} - -type LoginBridge { -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - issuer: String! -""" -Stability: Long-term -""" - description: String! -""" -Stability: Long-term -""" - remoteId: String! -""" -Stability: Long-term -""" - loginUrl: String! -""" -Stability: Long-term -""" - relayStateUUrl: String! -""" -Stability: Long-term -""" - samlEntityId: String! -""" -Stability: Long-term -""" - publicSamlCertificate: String! -""" -Stability: Long-term -""" - groupAttribute: String! -""" -Stability: Long-term -""" - organizationIdAttributeName: String! -""" -Stability: Long-term -""" - organizationNameAttributeName: String -""" -Stability: Long-term -""" - additionalAttributes: String -""" -Stability: Long-term -""" - groups: [String!]! -""" -Stability: Long-term -""" - allowedUsers: [User!]! -""" -Stability: Long-term -""" - generateUserName: Boolean! -""" -Stability: Long-term -""" - termsDescription: String! -""" -Stability: Long-term -""" - termsLink: String! -""" -Stability: Long-term -""" - showTermsAndConditions: Boolean! -""" -True if any user in this organization has logged in to CrowdStream via LogScale. Requires manage organizations permissions -Stability: Long-term -""" - anyUserAlreadyLoggedInViaLoginBridge: Boolean! -} - -type LoginBridgeRequest { -""" -Stability: Long-term -""" - samlResponse: String! -""" -Stability: Long-term -""" - loginUrl: String! -""" -Stability: Long-term -""" - relayState: String! -} - -type LookupFileTemplate { -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - displayName: String! -""" -Stability: Long-term -""" - content: String! -} - -scalar Markdown - -""" -A place for LogScale to find packages. -""" -type Marketplace { -""" -Gets all categories in the marketplace. -Stability: Long-term -""" - categoryGroups: [MarketplaceCategoryGroup!]! -} - -""" -A category that can be used to filter search results in the marketplace. -""" -type MarketplaceCategory { -""" -A display string for the category. -Stability: Long-term -""" - title: String! -""" -The id is used to filter the searches. -Stability: Long-term -""" - id: String! -} - -""" -A grouping of categories that can be used to filter search results in the marketplace. -""" -type MarketplaceCategoryGroup { -""" -A display string for the category group. -Stability: Long-term -""" - title: String! -""" -The categories that are members of the group. -Stability: Long-term -""" - categories: [MarketplaceCategory!]! -} - -""" -User or token used to modify the asset. -""" -interface ModifiedInfo { -""" -User or token used to modify the asset. -""" - modifiedAt: Long! -} - -type MonthlyIngest { -""" -Stability: Long-term -""" - monthly: [UsageOnDay!]! -} - -""" -Query result for monthly ingest -""" -union MonthlyIngestQueryResult =QueryInProgress | MonthlyIngest - -type MonthlyStorage { -""" -Stability: Long-term -""" - monthly: [StorageOnDay!]! -} - -""" -Query result for monthly storage -""" -union MonthlyStorageQueryResult =QueryInProgress | MonthlyStorage - -type NeverDashboardUpdateFrequency { -""" -Stability: Long-term -""" - name: String! -} - -""" -Assignable node task. -""" -enum NodeTaskEnum { - storage - digest - query -} - -""" -A notification -""" -type Notification { -""" -The unique id for the notification -Stability: Long-term -""" - id: String! -""" -The title of the notification -Stability: Long-term -""" - title: String! -""" -The message for the notification -Stability: Long-term -""" - message: String! -""" -Whether the notification is dismissable -Stability: Long-term -""" - dismissable: Boolean! -""" -The severity of the notification -Stability: Long-term -""" - severity: NotificationSeverity! -""" -The type of the notification -Stability: Long-term -""" - type: NotificationTypes! -""" -Link accompanying the notification -Stability: Long-term -""" - link: String -""" -Description for the link -Stability: Long-term -""" - linkDescription: String -} - -enum NotificationSeverity { - Success - Info - Warning - Error -} - -enum NotificationTypes { - Banner - Announcement - Bell -} - -""" -Paginated response for notifications. -""" -type NotificationsResultSet { -""" -The total number of matching results -Stability: Long-term -""" - totalResults: Int! -""" -The paginated result set -Stability: Long-term -""" - results: [Notification!]! -} - -type OidcIdentityProvider implements IdentityProviderAuthentication{ -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - clientId: String! -""" -Stability: Long-term -""" - clientSecret: String! -""" -Stability: Long-term -""" - domains: [String!]! -""" -Stability: Long-term -""" - issuer: String! -""" -Stability: Long-term -""" - tokenEndpointAuthMethod: String! -""" -Stability: Long-term -""" - userClaim: String! -""" -Stability: Long-term -""" - scopes: [String!]! -""" -Stability: Long-term -""" - userInfoEndpoint: String -""" -Stability: Long-term -""" - registrationEndpoint: String -""" -Stability: Long-term -""" - tokenEndpoint: String -""" -Stability: Long-term -""" - groupsClaim: String -""" -Stability: Long-term -""" - jwksEndpoint: String -""" -Stability: Long-term -""" - authenticationMethod: AuthenticationMethodAuth! -""" -Stability: Long-term -""" - authorizationEndpoint: String -""" -Stability: Long-term -""" - debug: Boolean! -""" -Stability: Long-term -""" - federatedIdp: String -""" -Stability: Long-term -""" - scopeClaim: String -""" -Stability: Long-term -""" - defaultIdp: Boolean! -""" -Stability: Long-term -""" - humioManaged: Boolean! -""" -Stability: Long-term -""" - lazyCreateUsers: Boolean! -} - -type OnlyTotal { -""" -Stability: Short-term -""" - total: Int! -} - -enum OrderBy { - DESC - ASC -} - -""" -OrderByDirection -""" -enum OrderByDirection { - DESC - ASC -} - -""" -OrderByUserField -""" -enum OrderByUserField { - FULLNAME - USERNAME - DISPLAYNAME -} - -input OrderByUserFieldInput { - userField: OrderByUserField! - order: OrderByDirection! -} - -type OrgConfig { -""" -Organization ID -Stability: Short-term -""" - id: String! -""" -Organization name -Stability: Short-term -""" - name: String! -""" -bucket region -Stability: Short-term -""" - region: String! -""" - -Stability: Short-term -""" - bucket: String! -""" -bucket prefix -Stability: Short-term -""" - prefix: String! -} - -""" -An Organization -""" -type Organization { -""" -The unique id for the Organization -Stability: Short-term -""" - id: String! -""" -The CID corresponding to the organization -Stability: Short-term -""" - cid: String -""" -The name for the Organization -Stability: Short-term -""" - name: String! -""" -The description for the Organization, can be null -Stability: Short-term -""" - description: String -""" -Details about the organization -Stability: Short-term -""" - details: OrganizationDetails! -""" -Stats of the organization -Stability: Short-term -""" - stats: OrganizationStats! -""" -Organization configurations and settings -Stability: Short-term -""" - configs: OrganizationConfigs! -""" -Search domains in the organization -Stability: Short-term -""" - searchDomains: [SearchDomain!]! -""" -IP filter for readonly dashboard links -Stability: Short-term -""" - readonlyDashboardIPFilter: String -""" -Created date -Stability: Short-term -""" - createdAt: Long -""" -If the organization has been marked for deletion, this indicates the day it was deleted. -Stability: Short-term -""" - deletedAt: Long -""" -Trial started at -Stability: Short-term -""" - trialStartedAt: Long -""" -Public url for the Organization -Stability: Short-term -""" - publicUrl: String -""" -Ingest url for the Organization -Stability: Short-term -""" - ingestUrl: String -""" -Check if the current user has a given permission in the organization. -Stability: Short-term -""" - isActionAllowed( -""" -The action to check if a user is allowed to perform on an organization. -""" - action: OrganizationAction! - ): Boolean! -""" -Limits assigned to the organization -Stability: Short-term -""" - limits: [Limit!]! -""" -Limits assigned to the organizations -Stability: Short-term -""" - limitsV2: [LimitV2!]! -""" -Stability: Short-term -""" - externalPermissions: Boolean! -""" -Stability: Short-term -""" - externalGroupSynchronization: Boolean! -""" -The default cache policy of this organization. -Stability: Preview -""" - defaultCachePolicy: CachePolicy -} - -""" -Actions a user may perform on an organization. -""" -enum OrganizationAction { - AdministerPermissions - CreateRepository - CreateView - ChangeReadOnlyDashboardFilter - CreateUser - ConfigureIdp - ChangeSessions - ChangeOrganizationSettings - CreateTrialRepository - UseCustomEmailTemplate - ViewLoginBridge - ViewUsage - ConfigureIPFilters - DeleteRepositoryOrView - ChangeFleetManagement - ViewFleetManagement - UseRemoteUpdates - UseFleetRemoteDebug - UseFleetEphemeralHosts - UseFleetLabels - ChangeTriggersToRunAsOtherUsers - ChangeEventForwarders - ViewRunningQueries - BlockQueries - AdministerTokens - ManageUsers - ViewIpFilters - DownloadMacOsInstaller - ChangeSecurityPolicies - QueryAssistant - OrganizationQueryOwnershipEnabled - UsePersonalToken - ChangeExternalFunctions - AddFederatedView - ViewFalconDataConnectorUrl - ManageSchemas -""" -Stability: Preview -""" - ExternalFunctionsEnabled - ViewOrganizationSettings - ViewSecurityPolicies - ViewSessionSettings - ViewUsers - ViewPermissions - ViewIdp - ViewOrganizationTokens - ViewDeletedRepositoriesOrViews - ViewEventForwarders - ViewSchemas - UseFleetOverviewDashboards - UseFleetTablePageUI -""" -Stability: Preview -""" - GranularPermissionsUI -} - -""" -Configurations for the organization -""" -type OrganizationConfigs { -""" -Session settings -Stability: Short-term -""" - session: OrganizationSession! -""" -Social login settings -Stability: Short-term -""" - socialLogin: [SocialLoginSettings!]! -""" -Subdomain configuration for the organization -Stability: Short-term -""" - subdomains: SubdomainConfig -""" -Bucket storage configuration for the organization -Stability: Short-term -""" - bucketStorage: BucketStorageConfig -""" -Security policies for actions in the organization -Stability: Short-term -""" - actions: ActionSecurityPolicies -""" -Security policies for tokens in the organization -Stability: Short-term -""" - tokens: TokenSecurityPolicies -""" -Security policies for shared dashboard tokens in the organization -Stability: Short-term -""" - sharedDashboards: SharedDashboardsSecurityPolicies -""" -Login bridge -Stability: Short-term -""" - loginBridge: LoginBridge -""" -Whether the organization is currently blocking ingest -Stability: Short-term -""" - blockingIngest: Boolean! -""" -Default timezone to use for users without a default timezone set. -Stability: Short-term -""" - defaultTimeZone: String -} - -""" -Details about the organization -""" -type OrganizationDetails { -""" -Notes of the organization (root only) -Stability: Short-term -""" - notes: String! -""" -Industry of the organization -Stability: Short-term -""" - industry: String! -""" -Industry of the organization -Stability: Short-term -""" - useCases: [Organizations__UseCases!]! -""" -Subscription of the organization -Stability: Short-term -""" - subscription: Organizations__Subscription! -""" -Trial end date of the organization if any -Stability: Short-term -""" - trialEndDate: Long -""" -Limits of the organization -Stability: Short-term -""" - limits: OrganizationLimits! -""" -The country of the organization -Stability: Short-term -""" - country: String! -""" -Determines whether an organization has access to IOCs (indicators of compromise) -Stability: Short-term -""" - iocAccess: Boolean -} - -""" -Limits of the organization -""" -type OrganizationLimits { -""" -Daily ingest allowed -Stability: Short-term -""" - dailyIngest: Long! -""" -Days of retention allowed -Stability: Short-term -""" - retention: Int! -""" -Max amount of users allowed -Stability: Short-term -""" - users: Int! -""" -License expiration date -Stability: Short-term -""" - licenseExpirationDate: Long -""" -Whether self service is enabled for the Organization, allowing features like creating repositories and setting retention. -Stability: Short-term -""" - allowSelfService: Boolean! -""" -Last contract synchronization date -Stability: Short-term -""" - lastSyncDate: Long -""" -Whether the contract is missing for the organization. None for non accounts, true if account and has no contract and false if contract was found and used. -Stability: Short-term -""" - missingContract: Boolean -""" -Contract version -Stability: Short-term -""" - contractVersion: Organizations__ContractVersion! -} - -""" -Organization management permissions -""" -enum OrganizationManagementPermission { - ManageSpecificOrganizations -} - -enum OrganizationMode { - Single - Multi - MultiV2 -} - -""" -Organization permissions -""" -enum OrganizationPermission { - ExportOrganization - ChangeOrganizationPermissions - ChangeIdentityProviders - CreateRepository - ManageUsers - ViewUsage - ChangeOrganizationSettings - ChangeIPFilters - ChangeSessions - ChangeAllViewOrRepositoryPermissions - IngestAcrossAllReposWithinOrganization - DeleteAllRepositories - DeleteAllViews - ViewAllInternalNotifications - ChangeFleetManagement - ViewFleetManagement - ChangeTriggersToRunAsOtherUsers - MonitorQueries - BlockQueries - ChangeSecurityPolicies - ChangeExternalFunctions - ChangeFieldAliases - ManageViewConnections -} - -""" -An organization search result entry -""" -type OrganizationSearchResultEntry { -""" -The unique id for the Organization -Stability: Short-term -""" - organizationId: String! -""" -The name of the Organization -Stability: Short-term -""" - organizationName: String! -""" -The string matching the search -Stability: Short-term -""" - searchMatch: String! -""" -The id of the entity matched -Stability: Short-term -""" - entityId: String! -""" -The subscription type of the organization -Stability: Short-term -""" - subscription: Organizations__Subscription! -""" -The type of the search result match -Stability: Short-term -""" - type: Organizations__SearchEntryType! -""" -The amount of users in the organization -Stability: Short-term -""" - userCount: Int! -""" -The amount of repositories and views in the organization -Stability: Short-term -""" - viewCount: Int! -""" -The total data volume in bytes that the organization is currently using -Stability: Short-term -""" - byteVolume: Long! -""" -The end date of the trial if applicable -Stability: Short-term -""" - trialEndDate: Long -""" -The time when the organization was created -Stability: Short-term -""" - createdAt: Long! -""" -If the organization has been marked for deletion, this indicates the time when the organization was marked. -Stability: Short-term -""" - deletedAt: Long -""" -The relevant organization for the result -Stability: Short-term -""" - organization: Organization! -} - -""" -An organization search result set -""" -type OrganizationSearchResultSet { -""" -The total number of matching results -Stability: Short-term -""" - totalResults: Int! -""" -The paginated result set -Stability: Short-term -""" - results: [OrganizationSearchResultEntry!]! -} - -""" -Session configuration for the organization -""" -type OrganizationSession { -""" -The maximum time in ms the user is allowed to be inactive -Stability: Long-term -""" - maxInactivityPeriod: Long! -""" -The time in ms after which the user is forced to reauthenticate -Stability: Long-term -""" - forceReauthenticationAfter: Long! -} - -""" -Stats of the organization -""" -type OrganizationStats { -""" -Total compressed data volume used by the organization -Stability: Short-term -""" - dataVolumeCompressed: Long! -""" -Total data volume used by the organization -Stability: Short-term -""" - dataVolume: Long! -""" -The total daily ingest of the organization -Stability: Short-term -""" - dailyIngest: Long! -""" -The number of users in the organization -Stability: Short-term -""" - userCount: Int! -} - -enum OrganizationsLinks__SortBy { - Cid - OrgId - Name -} - -enum Organizations__ContractVersion { - Unknown - Version1 - Version2 -} - -enum Organizations__MeasurementType { - SegmentWriteSize - ProcessedEventsSize -} - -enum Organizations__SearchEntryType { - Organization - Repository - View - User -} - -enum Organizations__SortBy { - UserCount - Name - Volume - ViewCount - Subscription - CreatedAt -} - -enum Organizations__Subscription { - Paying - Trial - PreTrial - PostTrial - UnlimitedPoC - ClusterOwner - Complementary - OnPremMonitor - MissingTOSAcceptance - CommunityLocked - CommunityUnlocked - Partner - Internal - Churned - Unknown -} - -enum Organizations__UseCases { - Unknown - IoT - Security - Operations - ApplicationDevelopment -} - -""" -A Humio package -""" -type Package2 { -""" -Stability: Long-term -""" - id: VersionedPackageSpecifier! -""" -Stability: Long-term -""" - scope: PackageScope! -""" -Stability: Long-term -""" - name: PackageName! -""" -Stability: Long-term -""" - version: PackageVersion! -""" -Stability: Long-term -""" - description: String -""" -Stability: Long-term -""" - iconUrl: UrlOrData -""" -Stability: Long-term -""" - author: PackageAuthor! -""" -Stability: Long-term -""" - contributors: [PackageAuthor!]! -""" -Stability: Long-term -""" - licenseUrl: URL! -""" -Stability: Long-term -""" - minHumioVersion: SemanticVersion! -""" -Stability: Long-term -""" - readme: Markdown -""" -Stability: Long-term -""" - dashboardTemplates: [DashboardTemplate!]! -""" -Stability: Long-term -""" - savedQueryTemplates: [SavedQueryTemplate!]! -""" -Stability: Long-term -""" - parserTemplates: [ParserTemplate!]! -""" -Stability: Long-term -""" - alertTemplates: [AlertTemplate!]! -""" -Stability: Long-term -""" - filterAlertTemplates: [FilterAlertTemplate!]! -""" -Stability: Long-term -""" - aggregateAlertTemplates: [AggregateAlertTemplate!]! -""" -Stability: Long-term -""" - lookupFileTemplates: [LookupFileTemplate!]! -""" -Stability: Long-term -""" - actionTemplates: [ActionTemplate!]! -""" -Stability: Long-term -""" - scheduledSearchTemplates: [ScheduledSearchTemplate!]! -""" -Stability: Long-term -""" - viewInteractionTemplates: [ViewInteractionTemplate!]! -""" -Stability: Long-term -""" - type: PackageType! -""" -The available versions of the package on the marketplace. -Stability: Long-term -""" - versionsOnMarketplace: [RegistryPackageVersionInfo!]! -} - -""" -The author of a package. -""" -type PackageAuthor { -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - email: Email -} - -""" -A package installation. -""" -type PackageInstallation { -""" -Stability: Long-term -""" - id: VersionedPackageSpecifier! -""" -Stability: Long-term -""" - installedBy: UserAndTimestamp! -""" -Stability: Long-term -""" - updatedBy: UserAndTimestamp! -""" -Stability: Long-term -""" - source: PackageInstallationSourceType! -""" -Finds updates on a package. It also looks for updates on packages that were installed manually, in case e.g. test versions of a package have been distributed prior to the full release. -Stability: Long-term -""" - availableUpdate: PackageVersion -""" -Stability: Long-term -""" - package: Package2! -} - -enum PackageInstallationSourceType { -""" -Stability: Long-term -""" - HumioHub -""" -Stability: Long-term -""" - ZipFile -} - -scalar PackageName - -""" -Information about a package that matches a search in a package registry. -""" -type PackageRegistrySearchResultItem { -""" -Stability: Long-term -""" - id: VersionedPackageSpecifier! -""" -Stability: Long-term -""" - description: String -""" -Stability: Long-term -""" - iconUrl: UrlOrData -""" -Stability: Long-term -""" - type: PackageType! -""" -Stability: Long-term -""" - installedVersion: VersionedPackageSpecifier -""" -True if the current version of LogScale supports the latest version of this package. -Stability: Long-term -""" - isLatestVersionSupported: Boolean! -""" -The version of LogScale required to run the latest version of this package. -Stability: Long-term -""" - minHumioVersionOfLatest: SemanticVersion! -} - -scalar PackageScope - -scalar PackageTag - -enum PackageType { -""" -Stability: Long-term -""" - application -""" -Stability: Long-term -""" - library -} - -scalar PackageVersion - -type PageType { -""" -Stability: Long-term -""" - number: Int! -""" -Stability: Long-term -""" - totalNumberOfRows: Int! -""" -Stability: Long-term -""" - total: Int! -} - -""" -The specification of a parameter -""" -type ParameterSpecificationOutput { -""" -The name of the parameter -Stability: Preview -""" - name: String! -""" -The type of the parameter -Stability: Preview -""" - parameterType: ParameterTypeEnum! -""" -Restricts the smallest allowed value for parameters of type Long -Stability: Preview -""" - minLong: Long -""" -Restricts the largest allowed value for parameters of type Long -Stability: Preview -""" - maxLong: Long -""" - Restricts the smallest allowed value for parameters of type Double -Stability: Preview -""" - minDouble: Float -""" -Restricts the largest allowed value for parameters of type Double -Stability: Preview -""" - maxDouble: Float -""" -Restricts the minimum number of allowed elements for parameters of type Array -Stability: Preview -""" - minLength: Int -""" -Defines a default value of the parameter -Stability: Preview -""" - defaultValue: [String!] -} - -""" -The parameter types -""" -enum ParameterTypeEnum { - Field - String - Long - Double - ArrayField - ArrayString - ArrayLong - ArrayDouble -} - -""" -Parameter value configuration. -""" -type ParameterValue { -""" -Id of the parameter. -Stability: Long-term -""" - id: String! -""" -Value of the parameter. -Stability: Long-term -""" - value: String! -} - -""" -A configured parser for incoming data. -""" -type Parser { -""" -The id of the parser. -Stability: Long-term -""" - id: String! -""" -Name of the parser. -Stability: Long-term -""" - name: String! -""" -The full name of the parser including package information if part of an application. -Stability: Long-term -""" - displayName: String! -""" -The description of the parser. -Stability: Long-term -""" - description: String - assetType: AssetType! -""" -True if the parser is one of LogScale's built-in parsers. -Stability: Long-term -""" - isBuiltIn: Boolean! -""" -The parser script that is executed for every incoming event. -Stability: Long-term -""" - script: String! -""" -The source code of the parser. -""" - sourceCode: String! -""" -Stability: Long-term -""" - languageVersion: LanguageVersion! -""" -Fields that are used as tags. -Stability: Long-term -""" - fieldsToTag: [String!]! -""" -The fields to use as tags. -""" - tagFields: [String!]! -""" -A list of fields that will be removed from the event before it's parsed. These fields will not be included when calculating usage. -Stability: Long-term -""" - fieldsToBeRemovedBeforeParsing: [String!]! -""" -A template that can be used to recreate the parser. -Stability: Long-term -""" - yamlTemplate: YAML! -""" -Saved test data (e.g. log lines) that you can use to test the parser. -""" - testData: [String!]! -""" -Test cases that can be used to help verify that the parser works as expected. -Stability: Long-term -""" - testCases: [ParserTestCase!]! -""" -Stability: Long-term -""" - packageId: VersionedPackageSpecifier -""" -Stability: Long-term -""" - package: PackageInstallation -} - -type ParserTemplate { -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - displayName: String! -""" -Stability: Long-term -""" - yamlTemplate: String! -} - -""" -A test case for a parser. -""" -type ParserTestCase { -""" -The event to parse and test on. -Stability: Long-term -""" - event: ParserTestEvent! -""" -Assertions on the shape of the test case output events. The list consists of key-value pairs to be treated as a map-construct, where the index of the output event is the key, and the assertions are the value. -Stability: Long-term -""" - outputAssertions: [ParserTestCaseAssertionsForOutput!]! -} - -""" -Assertions on the shape of the given output event. It is a key-value pair, where the index of the output event is the key, and the assertions are the value. -""" -type ParserTestCaseAssertionsForOutput { -""" -The index of the output event which the assertions should apply to. -Stability: Long-term -""" - outputEventIndex: Int! -""" -Assertions on the shape of a given test case output event. -Stability: Long-term -""" - assertions: ParserTestCaseOutputAssertions! -} - -""" -Assertions on the shape of a given test case output event. -""" -type ParserTestCaseOutputAssertions { -""" -Names of fields which should not be present on the output event. -Stability: Long-term -""" - fieldsNotPresent: [String!]! -""" -Names of fields and their expected value on the output event. These are key-value pairs, and should be treated as a map-construct. -Stability: Long-term -""" - fieldsHaveValues: [FieldHasValue!]! -} - -""" -An event for a parser to parse during testing. -""" -type ParserTestEvent { -""" -The contents of the `@rawstring` field when the event begins parsing. -Stability: Long-term -""" - rawString: String! -} - -""" -A pending user. I.e. a user that was invited to join an organization. -""" -type PendingUser { -""" -The id or token for the pending user -Stability: Long-term -""" - id: String! -""" -Whether IDP is enabled for the organization -Stability: Long-term -""" - idp: Boolean! -""" -The time the pending user was created -Stability: Long-term -""" - createdAt: Long! -""" -The email of the user that invited the pending user -Stability: Long-term -""" - invitedByEmail: String! -""" -The name of the user that invited the pending user -Stability: Long-term -""" - invitedByName: String! -""" -The name of the organization the the pending user is about to join -Stability: Long-term -""" - orgName: String! -""" -The email of the pending user -Stability: Long-term -""" - newUserEmail: String! -""" -The current organization state for the user, if any. -Stability: Long-term -""" - pendingUserState: PendingUserState! -} - -""" -The current organization state for the user. -""" -enum PendingUserState { - NoOrganization - SingleUserOrganization - MultiUserOrganizationOnlyOwnerConflict - MultiUserOrganizationNoConflict - UserExistsNoOrganization - UserExistsDeletedOrganization -} - -""" -Permissions on a view -""" -enum Permission { - ChangeUserAccess -""" -Permission to administer alerts, scheduled searches and actions -""" - ChangeTriggersAndActions -""" -Permission to administer alerts and scheduled searches -""" - ChangeTriggers - CreateTriggers - UpdateTriggers - DeleteTriggers -""" -Permission to administer actions -""" - ChangeActions - CreateActions - UpdateActions - DeleteActions - ChangeDashboards - CreateDashboards - UpdateDashboards - DeleteDashboards - ChangeDashboardReadonlyToken - ChangeFiles - CreateFiles - UpdateFiles - DeleteFiles - ChangeInteractions - ChangeParsers - ChangeSavedQueries - CreateSavedQueries - UpdateSavedQueries - DeleteSavedQueries - ConnectView - ChangeDataDeletionPermissions - ChangeRetention - ChangeDefaultSearchSettings - ChangeS3ArchivingSettings - DeleteDataSources - DeleteRepositoryOrView - DeleteEvents - ReadAccess - ChangeIngestTokens - ChangePackages - ChangeViewOrRepositoryDescription - ChangeConnections -""" -Permission to administer event forwarding rules -""" - EventForwarding - QueryDashboard - ChangeViewOrRepositoryPermissions - ChangeFdrFeeds - OrganizationOwnedQueries - ReadExternalFunctions - ChangeIngestFeeds - ChangeScheduledReports - CreateScheduledReports - UpdateScheduledReports - DeleteScheduledReports -} - -""" -The type of permission -""" -enum PermissionType { - AssetPermission - ViewPermission - OrganizationPermission - OrganizationManagementPermission - SystemPermission -} - -""" -Personal token for a user. The token will inherit the same permissions as the user. -""" -type PersonalUserToken implements Token{ -""" -The id of the token. -Stability: Long-term -""" - id: String! -""" -The name of the token. -Stability: Long-term -""" - name: String! -""" -The time at which the token expires. -Stability: Long-term -""" - expireAt: Long -""" -The ip filter on the token. -Stability: Long-term -""" - ipFilter: String -""" -The ip filter on the token. -Stability: Long-term -""" - ipFilterV2: IPFilter -""" -The date the token was created. -Stability: Long-term -""" - createdAt: Long! -} - -type Query { -""" -All actions, labels and packages used in alerts. -Stability: Preview -""" - alertFieldValues( -""" -Arguments for alert field values query. -""" - input: AlertFieldValuesInput! - ): AlertFieldValues! -""" -Analyze a query for certain properties. -Stability: Short-term -""" - analyzeQuery( - input: AnalyzeQueryArguments! - ): AnalyzeQueryInfo! -""" -Returns information about the IP ASN database used by the LogScale instance. -Stability: Long-term -""" - asnDatabaseInfo: IpDatabaseInfo! -""" -This fetches the list of blocked query patterns. -Stability: Long-term -""" - blockedQueries( -""" -Whether to return all blocked queries within the cluster. Requires the ManageCluster permission. -""" - clusterWide: Boolean -""" -Whether to include blocked queries for organizations that have been deleted. -""" - includeBlockedQueriesForDeletedOrganizations: Boolean - ): [BlockedQuery!]! -""" -This is used to check if a given domain is valid. -Stability: Short-term -""" - checkDomain( - domain: String! - ): Boolean! -""" -Validate a local cluster connection. -Stability: Short-term -""" - checkLocalClusterConnection( -""" -Data for checking a local cluster connection -""" - input: CheckLocalClusterConnectionInput! - ): LocalClusterConnectionStatus! -""" -Validate a remote cluster connection. -Stability: Short-term -""" - checkRemoteClusterConnection( -""" -Data for checking a remote cluster connection -""" - input: CheckRemoteClusterConnectionInput! - ): RemoteClusterConnectionStatus! -""" -Get linked child organizations -Stability: Preview -""" - childOrganizations( - search: String - skip: Int! - limit: Int! -""" -Choose the order in which the results are returned. -""" - orderBy: OrderBy - sortBy: OrganizationsLinks__SortBy - ): ChildOrganizationsResultSet! -""" -This is used to retrieve information about a cluster. -Stability: Long-term -""" - cluster: Cluster! -""" -Return the cluster management settings for this LogScale cluster. -Stability: Short-term -""" - clusterManagementSettings: ClusterManagementSettings -""" -Concatenate multiple valid queries into a combined query. -Stability: Short-term -""" - concatenateQueries( - input: ConcatenateQueriesArguments! - ): QueryConcatenationInfo! -""" -This returns the current authenticated user. -Stability: Long-term -""" - currentUser: User! -""" -This is used to retrieve a dashboard. -Stability: Long-term -""" - dashboardsPage( - search: String - pageNumber: Int! - pageSize: Int! - ): DashboardPage! -""" -For internal debugging -Stability: Preview -""" - debugCache( - searchKeys: [String!]! - ): String! -""" -This returns the current value for the dynamic configuration. -Stability: Short-term -""" - dynamicConfig( - dynamicConfig: DynamicConfig! - ): String! -""" -Returns all dynamic configurations. Requires root access. -Stability: Short-term -""" - dynamicConfigs: [DynamicConfigKeyValueType!]! -""" -Get next and previous pages when querying assets across LogScale views and repositories. Requires the cursor from the entitiesSearch or entitiesPage response as well as a direction -Stability: Preview -""" - entitiesPage( -""" -input parameters for the page -""" - input: EntitiesPageInputType! - ): SearchResult! -""" -Query assets across LogScale views and repositories. Will only return the first page. The response includes a cursor that can be sent to entitiesPage to get next pages with the same parameters -Stability: Preview -""" - entitiesSearch( -""" -input parameters for the search -""" - input: EntitySearchInputType! - ): SearchResult! -""" -Get usage information around non-secret environment variables -Stability: Short-term -""" - environmentVariableUsage: [EnvironmentVariableUsage!]! -""" -This will list all of the event forwarders associated with an organization. -Stability: Long-term -""" - eventForwarders: [EventForwarder!]! -""" -This is used to determine if a given user has exceeded their query quota. -Stability: Short-term -""" - exceededQueryQuotas( -""" -Username of the user for which to retrieve exceeded Query Quotas -""" - username: String! - ): [QueryQuotaExceeded!]! -""" -List feature flags depending on filters and context -Stability: Preview -""" - featureFlags( -""" -Include experimental features. Enabling experimental features are strongly discouraged and can lead to LogScale ending up in a bad state beyond repair. -""" - includeExperimentalFeatures: Boolean -""" -Filter defining for which scope feature flags should be returned -""" - enabledInScopeFilter: EnabledInScope - ): [FeatureFlagV2!]! -""" -This can fetch the OIDC metadata from the discovery (.well-known/openid-configuration) endpoint provided. -Stability: Long-term -""" - fetchOIDCMetadataFromDiscoveryEndpoint( -""" -The .well-known OIDC endpoint. -""" - discoveryEndpoint: String! - ): WellKnownEndpointDetails! -""" -This will fetch the SAML metadata from the discovery endpoint provided. -Stability: Long-term -""" - fetchSamlMetadataFromDiscoveryEndpoint( -""" -The SAML metadata endpoint. -""" - discoveryEndpoint: String! - ): SamlMetadata! -""" -Retrieve the active schema and its field aliases on the given view. -Stability: Long-term -""" - fieldAliasSchemaOnView( - repoOrViewName: String! - ): FieldAliasSchema -""" -Retrieve all schemas for field aliases. -Stability: Long-term -""" - fieldAliasSchemas: FieldAliasSchemasInfo! -""" -This will find information on the identity provider. -Stability: Long-term -""" - findIdentityProvider( - email: String! - ): IdentityProviderAuth! -""" -Stability: Long-term -""" - fleetInstallationToken( - id: String! - ): FleetInstallationToken -""" -Stability: Short-term -""" - fleetInstallationTokens: [FleetInstallationToken!]! -""" -Return the Java Flight Recorder settings for the specified vhost. -Stability: Preview -""" - flightRecorderSettings( -""" -The vhost to fetch settings for. -""" - vhost: Int! - ): FlightRecorderSettings -""" -Generate an unsaved aggregate alert from a package alert template. -Stability: Long-term -""" - generateAggregateAlertFromPackageTemplate( -""" -Data for generating an unsaved aggregate alert object from a library package template -""" - input: GenerateAggregateAlertFromPackageTemplateInput! - ): UnsavedAggregateAlert! -""" -Generate an unsaved aggregate alert from a yaml template. -Stability: Long-term -""" - generateAggregateAlertFromTemplate( -""" -Data for generating an unsaved aggregate alert object from a yaml template -""" - input: GenerateAggregateAlertFromTemplateInput! - ): UnsavedAggregateAlert! -""" -Generate an unsaved alert from a package alert template. -Stability: Long-term -""" - generateAlertFromPackageTemplate( -""" -Data for generating an unsaved alert object from a library package template -""" - input: GenerateAlertFromPackageTemplateInput! - ): UnsavedAlert! -""" -Generate an unsaved alert from a yaml template. -Stability: Long-term -""" - generateAlertFromTemplate( -""" -Data for generating an unsaved alert object from a yaml template -""" - input: GenerateAlertFromTemplateInput! - ): UnsavedAlert! -""" -Generate an unsaved filter alert from a package alert template. -Stability: Long-term -""" - generateFilterAlertFromPackageTemplate( -""" -Data for generating an unsaved filter alert object from a library package template -""" - input: GenerateFilterAlertFromPackageTemplateInput! - ): UnsavedFilterAlert! -""" -Generate an unsaved filter alert from a yaml template. -Stability: Long-term -""" - generateFilterAlertFromTemplate( -""" -Data for generating an unsaved filter alert object from a yaml template -""" - input: GenerateFilterAlertFromTemplateInput! - ): UnsavedFilterAlert! -""" -Generate an unsaved parser from a YAML template. -Stability: Long-term -""" - generateParserFromTemplate( -""" -Data for generating an unsaved parser object from a YAML template -""" - input: GenerateParserFromTemplateInput! - ): UnsavedParser! -""" -Generate an unsaved scheduled search from a package scheduled search template. -Stability: Long-term -""" - generateScheduledSearchFromPackageTemplate( -""" -Data for generating an unsaved scheduled search object from a library package template. -""" - input: GenerateScheduledSearchFromPackageTemplateInput! - ): UnsavedScheduledSearch! -""" -Generate an unsaved scheduled search from a yaml template. -Stability: Long-term -""" - generateScheduledSearchFromTemplate( -""" -Data for generating an unsaved scheduled search object from a yaml templat. -""" - input: GenerateScheduledSearchFromTemplateInput! - ): UnsavedScheduledSearch! -""" -Look up an external function specification. -Stability: Preview -""" - getExternalFunction( - input: GetExternalFunctionInput! - ): ExternalFunctionSpecificationOutput -""" -This is used to get content of a file. -Stability: Long-term -""" - getFileContent( - name: String! - fileName: String! - offset: Int - limit: Int - filterString: String - ): UploadedFileSnapshot! -""" -Get url endpoint for fleet management -Stability: Short-term -""" - getFleetManagementUrl: String! -""" -Stability: Short-term -""" - getLogCollectorDebugLogging: LogCollectorDebugLogging -""" -Stability: Short-term -""" - getLogCollectorDetails( - machineId: String! - ): LogCollectorDetails -""" -Stability: Short-term -""" - getLogCollectorInstanceDebugLogging( - id: String! - ): LogCollectorDebugLogging -""" -Stability: Short-term -""" - getLostCollectorDays: Int! -""" -Used to get information on a specified group. -Stability: Long-term -""" - group( - groupId: String! - ): Group! -""" -Used to get information on groups by a given display name. -Stability: Long-term -""" - groupByDisplayName( - displayName: String! - ): Group! -""" -Search groups and users with permissions on the asset. -Stability: Preview -""" - groupsAndUsersWithPermissionsOnAsset( -""" -The name of the search domain where the asset belongs. -""" - searchDomainName: String! -""" -The type of the asset. -""" - assetType: AssetPermissionsAssetType! -""" -The ID of the asset. For files, use the name of the file. -""" - assetId: String! -""" -Filter results based on this string -""" - searchFilter: String -""" -Indicates whether to include only users, only groups, or both. -""" - groupsOrUsersFilters: [GroupsOrUsersFilter!] -""" -The amount of results to return. -""" - limit: Int -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -Choose the order in which the results are returned. -""" - orderBy: OrderBy -""" -If true the result will also include users and groups that currently doesn't have access to the asset -""" - includeEmptyPermissionSet: Boolean! - ): UserOrGroupAssetPermissionSearchResultSet! -""" -All defined groups in an organization. -Stability: Long-term -""" - groupsPage( - search: String - pageNumber: Int! - pageSize: Int! - typeFilter: [PermissionType!] - ): GroupPage! -""" -This will check whether an organization has an organization root. -Stability: Short-term -""" - hasOrgRoot( - orgId: String! - ): Boolean! -""" -This is used to get information on a specific identity provider. -Stability: Long-term -""" - identityProvider( - id: String! - ): IdentityProviderAuthentication! -""" -Stability: Long-term -""" - identityProviders: [IdentityProviderAuthentication!]! -""" -This returns information about the license for the LogScale instance, if any license installed. -Stability: Long-term -""" - installedLicense: License -""" -Provides details for a specific package installed on a specific view. -Stability: Long-term -""" - installedPackage( -""" -The id of the package. -""" - packageId: VersionedPackageSpecifier! -""" -The name of the view the package is installed in. -""" - viewName: String! - ): PackageInstallation -""" -Used to get information on the IOC database used by the LogScale instance. -Stability: Long-term -""" - iocDatabaseInfo: CrowdStrikeIocStatus! -""" -This returns information about the IP location database used by the LogScale instance. -Stability: Long-term -""" - ipDatabaseInfo: IpDatabaseInfo! -""" -Returns a list of IP filters. -Stability: Long-term -""" - ipFilters: [IPFilter!]! -""" -This will return information about the Kafka cluster. -Stability: Short-term -""" - kafkaCluster: KafkaClusterDescription! -""" -Used to get language restrictions for language version. -Stability: Preview -""" - languageRestrictions( - version: LanguageVersionEnum! - ): QueryLanguageRestriction! -""" -Used to list all notifications currently set in the system. This requires root access. -Stability: Long-term -""" - listNotifications: [Notification!]! -""" -Stability: Short-term -""" - logCollectorConfiguration( - id: String! - ): LogCollectorConfiguration! -""" -List available Log Collector installers. -Stability: Long-term -""" - logCollectorInstallers: [LogCollectorInstaller!] -""" -Stability: Short-term -""" - logCollectorMergedConfiguration( - configIds: [String!]! - ): LogCollectorMergedConfiguration! -""" -List versions available through Remote Update for the LogScale Collector -Stability: Long-term -""" - logCollectorVersionsAvailable: [String!]! -""" -Stability: Long-term -""" - loginBridgeRequest: LoginBridgeRequest! -""" -Stability: Long-term -""" - marketplace: Marketplace! -""" -This will return information about the LogScale instance -Stability: Short-term -""" - meta( - url: String - ): HumioMetadata! -""" -Returns a list of organizations that has non-default bucket-storage configuration -Stability: Short-term -""" - nonDefaultBucketConfigs: [OrgConfig!]! -""" -Stability: Long-term -""" - oidcIdentityProvider( - id: String! - ): OidcIdentityProvider! -""" -Get the current organization -Stability: Long-term -""" - organization: Organization! -""" -Get a pending user. -Stability: Long-term -""" - pendingUser( - token: String! - ): PendingUser! -""" -Get a pending user. -Stability: Long-term -""" - pendingUsers( - search: String - ): [PendingUser!]! -""" -Proxy query through a specific organization. Root operation. -Stability: Long-term -""" - proxyOrganization( - organizationId: String! - ): Query! -""" -Stability: Preview -""" - queryAnalysis( - queryString: String! - languageVersion: LanguageVersionEnum! - isLive: Boolean! - viewName: String - ): queryAnalysis! -""" -Return the query assistance for the given search, as well as the assistant version. -Stability: Preview -""" - queryAssistance( -""" -The search to assist with -""" - search: String! -""" -Enable to remap often used fields to their LogScale equivalents -""" - remapFields: Boolean! - ): QueryAssistantResult! -""" -Stability: Short-term -""" - queryQuotaDefaultSettings: [QueryQuotaIntervalSetting!]! -""" -Stability: Short-term -""" - queryQuotaUsage( -""" -Username of the user for which to retrieve status of Query Quotas -""" - username: String! - ): [QueryQuotaUsage!]! -""" -Stability: Short-term -""" - queryQuotaUserSettings( -""" -If omitted, returns the Query Quota Settings for all users. If provided, returns the Query Quota Settings for that particular user. -""" - username: String - ): [QueryQuotaUserSettings!]! -""" -Query search domains with organization filter -Stability: Long-term -""" - querySearchDomains( -""" -Filter results based on this string -""" - searchFilter: String -""" -Choose to filter based on type of search domain -""" - typeFilter: SearchDomainTypes! - sortBy: Searchdomain__SortBy! -""" -Choose the order in which the results are returned. -""" - orderBy: OrderBy -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int -""" -Filter for deleted search domains. True will return deleted search domains and exclude regular search domains and requires that you have some permission that grants you access to delete search domains. False or nothing will return search domains that has not yet been deleted. -""" - deleted: Boolean - includeHidden: Boolean -""" -Filter results by name of connected limit. Search domains without a limit will be excluded -""" - limitName: String - ): SearchDomainSearchResultSet! -""" -Fetch the list of active event redaction jobs. -Stability: Long-term -""" - redactEvents( -""" -The name of the repository to fetch pending event redactions for. -""" - repositoryName: String! - ): [DeleteEvents!]! -""" -Stability: Long-term -""" - repositories( -""" -Include sandboxes for other users in the results set -""" - includeSandboxes: Boolean - includeHidden: Boolean - ): [Repository!]! -""" -Lookup a given repository by name. -Stability: Long-term -""" - repository( -""" -The name of the repository -""" - name: String! - includeHidden: Boolean - ): Repository! -""" -A given role. -Stability: Long-term -""" - role( - roleId: String! - ): Role! -""" -All defined roles. -Stability: Long-term -""" - roles: [Role!]! -""" -All defined roles in org. -Stability: Long-term -""" - rolesInOrgForChangingUserAccess( - searchDomainId: String! - ): [Role!]! -""" -Searchable paginated roles -Stability: Long-term -""" - rolesPage( - search: String - pageNumber: Int! - pageSize: Int! - typeFilter: [PermissionType!] - includeHidden: Boolean - ): RolePage! -""" -Returns running queries. -Stability: Long-term -""" - runningQueries( -""" -Search term that is used to filter running queries based on query input -""" - searchTerm: String -""" -Which field to use when sorting -""" - sortField: SortField - sortOrder: SortOrder -""" -Whether to return global results. Default=false. True requires system level access. -""" - global: Boolean - ): RunningQueries! -""" -Returns whether AWS Role is required when configuring S3 Archiving. -Stability: Short-term -""" - s3ArchivingRequiresRole: Boolean! -""" -Stability: Long-term -""" - samlIdentityProvider( - id: String! - ): SamlIdentityProvider! -""" -Stability: Long-term -""" - savedQuery( - id: String! - ): SavedQuery! -""" -Get scheduled report information using a scheduled report access token. -Stability: Long-term -""" - scheduledReport: LimitedScheduledReport! -""" -Stability: Long-term -""" - searchDomain( - name: String! - ): SearchDomain! -""" -Lists assets in the provided search domains. -Stability: Preview -""" - searchDomainAssets( -""" -The names of the search domains to search for assets in. If empty, includes assets from all search domains the requester has access to. -""" - searchDomainNames: [String!]! -""" -The types of assets to include. If empty, all asset types are included. -""" - assetTypes: [AssetPermissionsAssetType!] -""" -Filter results based on this string -""" - searchFilter: String -""" -The amount of results to return. -""" - limit: Int -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -Choose the order in which the results are returned. -""" - orderBy: OrderBy - ): SearchDomainAssetsResultSet! -""" -Stability: Long-term -""" - searchDomains( - includeHidden: Boolean - ): [SearchDomain!]! -""" -Paged searchDomains. -Stability: Long-term -""" - searchDomainsPage( - search: String - includeHidden: Boolean - pageNumber: Int! - pageSize: Int! - ): SearchDomainPage! -""" -Get paginated search results. -Stability: Short-term -""" - searchFleet( - isLiveFilter: Boolean - versionFilter: SearchFleetVersionFilter - osFilter: SearchFleetOsFilter - groupIdsFilter: [String!] - changeFilter: Changes - groupFilter: GroupFilter - queryState: String - inactiveFilter: Boolean - statusFilter: SearchFleetStatusFilter - testConfigIdFilter: String - configIdFilter: String -""" -Filter results based on this string -""" - searchFilter: String - sortBy: Fleet__SortBy -""" -Choose the order in which the results are returned. -""" - orderBy: OrderBy -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int - ): SearchFleetUnion! -""" -Stability: Short-term -""" - searchFleetInstallationTokens( -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int - sortBy: FleetInstallationTokens__SortBy -""" -Choose the order in which the results are returned. -""" - orderBy: OrderBy - ): SearchFleetInstallationTokenResultSet! -""" -Search log collector configurations. -Stability: Short-term -""" - searchLogCollectorConfigurations( -""" -Filter results based on this string -""" - searchFilter: String -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int - sortBy: FleetConfiguration__SortBy -""" -Choose the order in which the results are returned. -""" - orderBy: OrderBy - ): SearchLogCollectorConfigurationResultSet! -""" -Search log collector configurations. -Stability: Short-term -""" - searchLogCollectorGroups( -""" -Filter results based on this string -""" - searchFilter: String -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int - sortBy: FleetGroups__SortBy -""" -Choose the order in which the results are returned. -""" - orderBy: OrderBy - ): SearchLogCollectorGroupsResultSet! -""" -Get paginated search results. (Root operation) -Stability: Short-term -""" - searchOrganizations( -""" -Filter results based on this string -""" - searchFilter: String - sortBy: Organizations__SortBy! - typeFilter: [Organizations__SearchEntryType!] - subscriptionFilter: [Organizations__Subscription!] - includeDeletedFilter: Boolean -""" -Choose the order in which the results are returned. -""" - orderBy: OrderBy -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int - ): OrganizationSearchResultSet! -""" -Check the status for a specific typed service. -Stability: Preview -""" - serviceStatus( -""" -The service type name of the service to get status for. -""" - serviceType: String! - ): HealthStatus! -""" -Metadata from all registered services -Stability: Preview -""" - servicesMetadata: [ServiceMetadata!]! -""" -Paginated search results for tokens -Stability: Long-term -""" - sessions( -""" -Filter results based on this string -""" - searchFilter: String - level: Sessions__Filter_Level - sortBy: Sessions__SortBy -""" -Choose the order in which the results are returned. -""" - orderBy: OrderBy -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int - onlyActiveSessions: Boolean - ): SessionQueryResultSet! -""" -Gets a shared dashboard by it's shared link token. -Stability: Long-term -""" - sharedDashboards( - token: String! - ): SharedDashboard! -""" -Stability: Long-term -""" - starredDashboards: [Dashboard!]! -""" -Get a specific token by ID -Stability: Long-term -""" - token( - tokenId: String! - ): Token! -""" -Token for fleet management. -Stability: Short-term -""" - tokenForFleetManagement: String! -""" -Paginated search results for tokens -Stability: Long-term -""" - tokens( -""" -Filter results based on this string -""" - searchFilter: String - typeFilter: [Tokens__Type!] - parentEntityIdFilter: [String!] - sortBy: Tokens__SortBy! -""" -Choose the order in which the results are returned. -""" - orderBy: OrderBy -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int - ): TokenQueryResultSet! -""" -Stability: Preview -""" - usage: UsageStats! -""" -A user in the system. -Stability: Long-term -""" - user( - id: String! - ): User -""" -Requires manage cluster permission; Returns all users in the system. -Stability: Long-term -""" - users( - orderBy: OrderByUserFieldInput - search: String - ): [User!]! -""" +"Data for generating an unsaved parser object from a YAML template" +input GenerateParserFromTemplateInput { + "YAML specification of the parser." + yamlTemplate: YAML! +} + +"Data for generating an unsaved scheduled search object from a library package template." +input GenerateScheduledSearchFromPackageTemplateInput { + "Name of the view of the scheduled search." + viewName: RepoOrViewName! + + "The id of the package that the scheduled search was installed as part of." + packageId: VersionedPackageSpecifier! + + "The name of the scheduled search template in the package." + templateName: String! +} + +"Data for generating an unsaved scheduled search object from a yaml templat." +input GenerateScheduledSearchFromTemplateInput { + "Name of the view of the scheduled search." + viewName: RepoOrViewName! + + "YAML specification of the scheduled search." + yamlTemplate: YAML! +} + +"The input for a generic remote table config." +input GenericConnectionConfigInput { + "The URL for the generic table config." + remoteUrl: String! + + "The parameters for the generic table config." + parameters: [GenericParameterInput!]! + + "Input list for static key value pairs" + staticConfigurations: [KeyValueConfigurationInput!]! +} + +"A parameter for a generic table config." +input GenericParameterInput { + "The name of the generic table config parameter. Must be unique in the config. Cannot be empty" + parameterName: String! + + "The parameter, if it is a string parameter." + parameterConfigString: StringParameterInput + + "The parameter, if it is a long parameter." + parameterConfigLong: LongParameterInput +} + +"The input required to get an external function specification." +input GetExternalFunctionInput { + "The name of the external function to fetch." + name: String! + + "The view the external function should be accessible on." + view: String! +} + +"The input required to get a remote table config." +input GetRemoteTableConfigInput { + "The connection name of the remote table config to fetch." + connectionName: String! + + "The name of the view the remote table config should be accessible on." + viewName: String! +} + +"The input required to get all accessible remote table configs." +input GetRemoteTableConfigsInViewInput { + "The name of the view the remote table configs should be accessible on." + viewName: String! +} + +"A group." +type Group { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + displayName: String! @stability(level: LongTerm) + + "Stability: Long-term" + defaultQueryPrefix: String @stability(level: LongTerm) + + "Stability: Long-term" + defaultRole: Role @stability(level: LongTerm) + + "Stability: Long-term" + defaultSearchDomainCount: Int! @stability(level: LongTerm) + + "Stability: Long-term" + lookupName: String @stability(level: LongTerm) + + "Stability: Long-term" + searchDomainCount: Int! @stability(level: LongTerm) + + "Stability: Long-term" + roles: [SearchDomainRole!]! @stability(level: LongTerm) + + "Stability: Long-term" + searchDomainRoles(searchDomainId: String): [SearchDomainRole!]! @stability(level: LongTerm) + searchDomainRolesByName(searchDomainName: String!): SearchDomainRole @deprecated(reason: "[DEPRECATED: When multiple roles per view is enabled, this field will only return the first of possibly multiple roles matching the name for the view. Use \"roles\" or \"searchDomainRoles\" or \"searchDomainRolesBySearchDomainName\" fields instead. Will be removed at the earliest in version 1.195]") + + "Stability: Long-term" + searchDomainRolesBySearchDomainName(searchDomainName: String!): [SearchDomainRole!]! @stability(level: LongTerm) + + """ + Get allowed asset actions for the group on a specific asset and explain how it has gotten this access + Stability: Preview + """ + allowedAssetActionsBySource( + "Id of the asset" + assetId: String!, + + "The type of the asset." + assetType: AssetPermissionsAssetType!, searchDomainId: String): GroupAssetActionsBySource! @stability(level: Preview) + + """ + Search for asset permissions for the group. Only search for asset name is supported with regards to the searchFilter argument. + Stability: Short-term + """ + searchAssetPermissions( + "Filter results based on this string" + searchFilter: String, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50, + + "Choose the order in which the results are returned." + orderBy: OrderBy = ASC, + + "The sort by options for assets. Asset name is default" + sortBy: SortBy, + + "List of asset types" + assetTypes: [AssetPermissionsAssetType!], + + "List of search domain id's to search within. Null or empty list is interpreted as all search domains" + searchDomainIds: [String!], + + "Include Read, Update and/or Delete permission assignments. The filter will accept all assets if the argument Null or the empty list." + permissions: [AssetAction!]): AssetPermissionSearchResultSet! @stability(level: ShortTerm) + + "Stability: Long-term" + systemRoles: [GroupSystemRole!]! @stability(level: LongTerm) + + "Stability: Long-term" + organizationRoles: [GroupOrganizationRole!]! @stability(level: LongTerm) + + "Stability: Long-term" + queryPrefixes(onlyIncludeRestrictiveQueryPrefixes: Boolean, onlyForRoleWithId: String, onlyForViewWithId: String): [QueryPrefixes!]! @stability(level: LongTerm) + + "Stability: Long-term" + userCount: Int! @stability(level: LongTerm) + + "Stability: Long-term" + users: [User!]! @stability(level: LongTerm) + + "Stability: Long-term" + searchUsers( + "Filter results based on this string" + searchFilter: String, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50, + + "The value to sort the result set by." + sortBy: OrderByUserField = DISPLAYNAME, + + "Choose the order in which the results are returned." + orderBy: OrderBy = ASC): UserResultSetType! @stability(level: LongTerm) + + "Stability: Long-term" + permissionType: PermissionType @stability(level: LongTerm) +} + +"Asset actions given by a group for a specific asset" +type GroupAssetActionsBySource implements AssetActionsBySource { + "Stability: Short-term" + group: Group @stability(level: ShortTerm) + + """ + List of roles assigned to the user or group and the asset actions they allow + Stability: Short-term + """ + assetActionsByRoles: [AssetActionsByRole!]! @stability(level: ShortTerm) + + """ + Asset permissions assigned directly to the user or group + Stability: Short-term + """ + directlyAssigned: DirectlyAssignedAssetPermissions! @stability(level: ShortTerm) +} + +input GroupFilter { + oldQuery: String + newQuery: String! +} + +type GroupFilterInfo { + "Stability: Short-term" + total: Int! @stability(level: ShortTerm) + + "Stability: Short-term" + added: Int! @stability(level: ShortTerm) + + "Stability: Short-term" + removed: Int! @stability(level: ShortTerm) + + "Stability: Short-term" + noChange: Int! @stability(level: ShortTerm) +} + +"The organization management roles of the group." +type GroupOrganizationManagementRole { + "Stability: Long-term" + role: Role! @stability(level: LongTerm) +} + +"The organization roles of the group." +type GroupOrganizationRole { + "Stability: Long-term" + role: Role! @stability(level: LongTerm) +} + +"A page of groups in an organization." +type GroupPage { + "Stability: Long-term" + pageInfo: PageType! @stability(level: LongTerm) + + "Stability: Long-term" + page: [Group!]! @stability(level: LongTerm) +} + +"The groups query result set." +type GroupResultSetType { + """ + The total number of matching results + Stability: Long-term + """ + totalResults: Int! @stability(level: LongTerm) + + """ + The paginated result set + Stability: Long-term + """ + results: [Group!]! @stability(level: LongTerm) +} + +input GroupRoleAssignment { + groupId: String! + roleId: String! +} + +"The role assigned to a group in a SearchDomain" +type GroupSearchDomainRole { + "Stability: Long-term" + role: Role! @stability(level: LongTerm) + + "Stability: Long-term" + searchDomain: SearchDomain! @stability(level: LongTerm) + + "Stability: Long-term" + group: Group! @stability(level: LongTerm) +} + +"The system roles of the group." +type GroupSystemRole { + "Stability: Long-term" + role: Role! @stability(level: LongTerm) +} + +enum GroupsOrUsersFilter { + Groups + Users +} + +"Health status of the service" +type HealthStatus { + """ + The latest status from the service + Stability: Preview + """ + status: String! @stability(level: Preview) + + """ + The latest health status message from the service + Stability: Preview + """ + message: String! @stability(level: Preview) +} + +"A http request header." +type HttpHeaderEntry { + """ + Key of a http(s) header. + Stability: Long-term + """ + header: String! @stability(level: LongTerm) + + """ + Value of a http(s) header. + Stability: Long-term + """ + value: String! @stability(level: LongTerm) +} + +"Http(s) Header entry." +input HttpHeaderEntryInput { + "Key of a http(s) header." + header: String! + + "Value of a http(s) header." + value: String! +} + +"Represents information about the LogScale instance." +type HumioMetadata { + """ + Returns enabled features that are likely in beta. + Stability: Short-term + """ + isFeatureFlagEnabled(feature: FeatureFlag!): Boolean! @stability(level: ShortTerm) + + "Stability: Long-term" + externalPermissions: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + version: String! @stability(level: LongTerm) + + """ + An indication whether or not the cluster is being updated. This is based off of differences in the cluster node versions. + Stability: Preview + """ + isClusterBeingUpdated: Boolean! @stability(level: Preview) + + """ + The lowest detected node version in the cluster. + Stability: Preview + """ + minimumNodeVersion: String! @stability(level: Preview) + + "Stability: Long-term" + environment: EnvironmentType! @stability(level: LongTerm) + + "Stability: Long-term" + clusterId: String! @stability(level: LongTerm) + + "Stability: Short-term" + falconDataConnectorUrl: String @stability(level: ShortTerm) + + "Stability: Long-term" + regions: [RegionSelectData!]! @stability(level: LongTerm) + + """ + List of supported AWS regions + Stability: Long-term + """ + awsRegions: [String!]! @stability(level: LongTerm) + + """ + Cluster AWS IAM role arn (Amazon Resource Name) used to assume role for ingest feeds + Stability: Long-term + """ + ingestFeedAwsRoleArn: String @stability(level: LongTerm) + + """ + Configuration status for AWS ingest feeds. + Stability: Long-term + """ + awsIngestFeedsConfigurationStatus: IngestFeedConfigurationStatus! @stability(level: LongTerm) + + "Stability: Short-term" + sharedDashboardsEnabled: Boolean! @stability(level: ShortTerm) + + "Stability: Short-term" + personalUserTokensEnabled: Boolean! @stability(level: ShortTerm) + + "Stability: Long-term" + globalAllowListEmailActionsEnabled: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + isAutomaticUpdateCheckingEnabled: Boolean! @stability(level: LongTerm) + + """ + The authentication method used for the cluster node + Stability: Long-term + """ + authenticationMethod: AuthenticationMethod! @stability(level: LongTerm) + + "Stability: Short-term" + organizationMultiMode: Boolean! @stability(level: ShortTerm) + + "Stability: Short-term" + organizationMode: OrganizationMode! @stability(level: ShortTerm) + + "Stability: Short-term" + sandboxesEnabled: Boolean! @stability(level: ShortTerm) + + "Stability: Short-term" + externalGroupSynchronization: Boolean! @stability(level: ShortTerm) + + "Stability: Long-term" + allowActionsNotUseProxy: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + isUsingSmtp: Boolean! @stability(level: LongTerm) + + "Stability: Short-term" + isPendingUsersEnabled: Boolean! @stability(level: ShortTerm) + + "Stability: Long-term" + scheduledSearchMaxBackfillLimit: Int @stability(level: LongTerm) + + "Stability: Short-term" + isExternalManaged: Boolean! @stability(level: ShortTerm) + + "Stability: Short-term" + isApiExplorerEnabled: Boolean! @stability(level: ShortTerm) + + "Stability: Short-term" + isScheduledReportEnabled: Boolean! @stability(level: ShortTerm) + + "Stability: Short-term" + eulaUrl: String! @stability(level: ShortTerm) + + """ + The time in ms after which a repository has been marked for deletion it will no longer be restorable. + Stability: Long-term + """ + deleteBackupAfter: Long! @stability(level: LongTerm) + + "Stability: Short-term" + maxCsvFileUploadSizeBytes: Long! @stability(level: ShortTerm) + + "Stability: Short-term" + maxJsonFileUploadSizeBytes: Long! @stability(level: ShortTerm) + + """ + Shows the current configuration for ingest feeds. + Stability: Long-term + """ + ingestFeedConfigurations: IngestFeedConfiguration! @stability(level: LongTerm) +} + +"A LogScale query" +type HumioQuery { + "Stability: Long-term" + languageVersion: LanguageVersion! @stability(level: LongTerm) + + "Stability: Long-term" + queryString: String! @stability(level: LongTerm) + + "Stability: Long-term" + arguments: [DictionaryEntryType!]! @stability(level: LongTerm) + + "Stability: Long-term" + start: String! @stability(level: LongTerm) + + "Stability: Long-term" + end: String! @stability(level: LongTerm) + + "Stability: Long-term" + isLive: Boolean! @stability(level: LongTerm) +} + +"A LogScale repository action." +type HumioRepoAction implements Action { + """ + Humio ingest token for the dataspace that the action should ingest into. + Stability: Long-term + """ + ingestToken: String! @stability(level: LongTerm) + + """ + The name of the action. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + The display name of the action. + Stability: Long-term + """ + displayName: String! @stability(level: LongTerm) + + """ + The id of the action. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + A template that can be used to recreate the action. + Stability: Long-term + """ + yamlTemplate: YAML! @stability(level: LongTerm) + + "Stability: Long-term" + packageId: VersionedPackageSpecifier @stability(level: LongTerm) + + """ + The package, if any, which the action is part of. + Stability: Long-term + """ + package: PackageInstallation @stability(level: LongTerm) + + """ + False if this type of action is disabled because of a security policy, true otherwise + Stability: Long-term + """ + isAllowedToRun: Boolean! @stability(level: LongTerm) + + """ + True if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. + Stability: Long-term + """ + requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! @stability(level: LongTerm) + + """ + Allowed asset actions + Stability: Short-term + """ + allowedActions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The resource identifier for this action. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + Metadata related to the creation of the action + Stability: Long-term + """ + createdInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Metadata related to the latest modification of the action + Stability: Long-term + """ + modifiedInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Labels to categorize the action. + Stability: Preview + """ + labels: [String!] @stability(level: Preview) +} + +"An IP Filter" +type IPFilter { + """ + The unique id for the ip filter + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + The name for the ip filter + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + The ip filter + Stability: Long-term + """ + ipFilter: String! @stability(level: LongTerm) +} + +input IPFilterIdInput { + id: String! +} + +input IPFilterInput { + name: String! + ipFilter: String! +} + +input IPFilterUpdateInput { + id: String! + name: String + ipFilter: String +} + +type IdentityProviderAuth { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + authenticationMethod: AuthenticationMethodAuth! @stability(level: LongTerm) +} + +"An Identity Provider" +interface IdentityProviderAuthentication { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + defaultIdp: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + humioManaged: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + lazyCreateUsers: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + domains: [String!]! @stability(level: LongTerm) + + "Stability: Long-term" + debug: Boolean! @stability(level: LongTerm) +} + +type Ignored implements contractual { + "\nStability: Long-term" + includeUsage: Boolean! @stability(level: LongTerm) +} + +type Ingest { + "Stability: Long-term" + currentBytes: Long! @stability(level: LongTerm) + + "Stability: Long-term" + limit: UsageLimit! @stability(level: LongTerm) +} + +"An ingest feed." +type IngestFeed { + """ + Id of the ingest feed. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + Name of the ingest feed. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + Description of the ingest feed. + Stability: Long-term + """ + description: String @stability(level: LongTerm) + + """ + Parser used to parse the ingest feed. + Stability: Long-term + """ + parser: Parser @stability(level: LongTerm) + + """ + Ingest feed enabled state. + Stability: Long-term + """ + enabled: Boolean! @stability(level: LongTerm) + + """ + The source which this ingest feed will ingest from + Stability: Long-term + """ + source: IngestFeedSource! @stability(level: LongTerm) + + """ + Unix timestamp for when this feed was created + Stability: Long-term + """ + createdAt: Long! @stability(level: LongTerm) + + """ + Details about how the ingest feed is running + Stability: Long-term + """ + executionInfo: IngestFeedExecutionInfo @stability(level: LongTerm) + + """ + If the ingest feed is force stopped, meaning only a cluster manager can start the ingest feed again. + Stability: Preview + """ + forceStopped: Boolean! @stability(level: Preview) +} + +"How to authenticate to AWS." +union IngestFeedAwsAuthentication = IngestFeedAwsAuthenticationIamRole + +"IAM role authentication" +type IngestFeedAwsAuthenticationIamRole { + """ + ARN of the role to be assumed + Stability: Long-term + """ + roleArn: String! @stability(level: LongTerm) + + """ + External Id to the role to be assumed + Stability: Long-term + """ + externalId: String! @stability(level: LongTerm) +} + +"How to authenticate to AWS." +input IngestFeedAwsAuthenticationInput { + kind: IngestFeedAwsAuthenticationKind! + + "ARN of the role to be assumed" + roleArn: String +} + +"The kind of AWS authentication to use." +enum IngestFeedAwsAuthenticationKind { + "IAM role authentication" + IamRole +} + +"Compression scheme of the file." +enum IngestFeedCompression { + Auto + Gzip + None +} + +"Shows the current configuration for ingest feeds" +type IngestFeedConfiguration { + """ + Shows the current configuration for ingest feeds that uses Azure Event Hubs. + Stability: Long-term + """ + AzureEventHubs: AzureEventHubConfiguration! @stability(level: LongTerm) + + """ + Shows the current configuration for ingest feeds that uses AWS S3 and SQS. + Stability: Long-term + """ + AwsS3SQS: AWSS3SQSConfiguration! @stability(level: LongTerm) +} + +"Represents the configuration status of the ingest feed feature on the cluster" +type IngestFeedConfigurationStatus { + "Stability: Long-term" + isConfigured: Boolean! @stability(level: LongTerm) +} + +"Details about how the ingest feed is running" +type IngestFeedExecutionInfo { + """ + Unix timestamp of the latest activity for the feed + Stability: Long-term + """ + latestActivity: Long @stability(level: LongTerm) + + """ + Details about the status of the ingest feed + Stability: Long-term + """ + statusMessage: IngestFeedStatus @stability(level: LongTerm) +} + +"The preprocessing to apply to an ingest feed before parsing." +union IngestFeedPreprocessing = IngestFeedPreprocessingSplitNewline | IngestFeedPreprocessingSplitAwsRecords + +"The preprocessing to apply to an ingest feed before parsing." +input IngestFeedPreprocessingInput { + kind: IngestFeedPreprocessingKind! +} + +"The kind of preprocessing to do." +enum IngestFeedPreprocessingKind { + "Interpret the input as AWS JSON record format and emit each record as an event" + SplitAwsRecords + + "Interpret the input as newline-delimited and emit each line as an event" + SplitNewline +} + +"Interpret the input as AWS JSON record format and emit each record as an event" +type IngestFeedPreprocessingSplitAwsRecords { + """ + The kind of preprocessing to do. + Stability: Long-term + """ + kind: IngestFeedPreprocessingKind! @stability(level: LongTerm) +} + +"Interpret the input as newline-delimited and emit each line as an event" +type IngestFeedPreprocessingSplitNewline { + """ + The kind of preprocessing to do. + Stability: Long-term + """ + kind: IngestFeedPreprocessingKind! @stability(level: LongTerm) +} + +"The ingest feed query result set" +type IngestFeedQueryResultSet { + """ + The total number of matching results + Stability: Long-term + """ + totalResults: Int! @stability(level: LongTerm) + + """ + The paginated result set + Stability: Long-term + """ + results: [IngestFeed!]! @stability(level: LongTerm) +} + +"An ingest feed that polls data from S3 and is notified via SQS" +type IngestFeedS3SqsSource { + """ + AWS SQS queue url. + Stability: Long-term + """ + sqsUrl: String! @stability(level: LongTerm) + + """ + The preprocessing to apply to an ingest feed before parsing. + Stability: Long-term + """ + preprocessing: IngestFeedPreprocessing! @stability(level: LongTerm) + + """ + How to authenticate to AWS. + Stability: Long-term + """ + awsAuthentication: IngestFeedAwsAuthentication! @stability(level: LongTerm) + + """ + Compression scheme of the file. + Stability: Long-term + """ + compression: IngestFeedCompression! @stability(level: LongTerm) + + """ + The AWS region to connect to. + Stability: Long-term + """ + region: String! @stability(level: LongTerm) +} + +"The source from which to download from an ingest feed." +union IngestFeedSource = IngestFeedS3SqsSource | AzureEventHubs + +"Details about the status of the ingest feed" +type IngestFeedStatus { + """ + Description of the problem with the ingest feed + Stability: Long-term + """ + problem: String! @stability(level: LongTerm) + + """ + Terse description of the problem with the ingest feed + Stability: Long-term + """ + terseProblem: String @stability(level: LongTerm) + + """ + Timestamp, in milliseconds, of when the status message was set + Stability: Long-term + """ + statusTimestamp: Long! @stability(level: LongTerm) + + """ + Cause of the problem with the ingest feed + Stability: Long-term + """ + cause: IngestFeedStatusCause @stability(level: LongTerm) +} + +"Details about the cause of the problem" +type IngestFeedStatusCause { + """ + Description of the cause of the problem + Stability: Long-term + """ + cause: String! @stability(level: LongTerm) + + """ + Terse description of the cause of the problem + Stability: Long-term + """ + terseCause: String @stability(level: LongTerm) +} + +enum IngestFeeds__SortBy { + CreatedTimeStamp + Name +} + +enum IngestFeeds__Type { + AwsS3Sqs + AzureEventHubs +} + +"Ingest Listeners listen on a port for UDP or TCP traffic, used with SysLog." +type IngestListener { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + repository: Repository! @stability(level: LongTerm) + + """ + The TCP/UDP port to listen to. + Stability: Long-term + """ + port: Int! @stability(level: LongTerm) + + """ + The network protocol data is sent through. + Stability: Long-term + """ + protocol: IngestListenerProtocol! @stability(level: LongTerm) + + """ + The charset used to decode the event stream. Available charsets depend on the JVM running the LogScale instance. Names and aliases can be found at http://www.iana.org/assignments/character-sets/character-sets.xhtml + Stability: Long-term + """ + charset: String! @stability(level: LongTerm) + + """ + Specify which host should open the socket. By default this field is empty and all hosts will open a socket. This field can be used to select only one host to open the socket. + Stability: Long-term + """ + vHost: Int @stability(level: LongTerm) + + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + """ + The ip address this listener will bind to. By default (leaving this field empty) it will bind to 0.0.0.0 - all interfaces. Using this field it is also possible to specify the address to bind to. In a cluster setup it is also possible to specify if only one machine should open a socket - The vhost field is used for that. + Stability: Long-term + """ + bindInterface: String! @stability(level: LongTerm) + + """ + The parser configured to parse data for the listener. This returns null if the parser has been removed since the listener was created. + Stability: Long-term + """ + parser: Parser @stability(level: LongTerm) +} + +"The network protocol a ingest listener uses." +enum IngestListenerProtocol { + "UDP Protocol" + UDP + + "TCP Protocol" + TCP + + "Gelf over UDP Protocol" + GELF_UDP + + "Gelf over TCP Protocol" + GELF_TCP + + "Netflow over UDP" + NETFLOW_UDP +} + +"A cluster ingest partition. It assigns cluster nodes with the responsibility of ingesting data." +type IngestPartition { + "Stability: Long-term" + id: Int! @stability(level: LongTerm) + + """ + The ids of the node responsible executing real-time queries for the partition and writing events to time series. The list is ordered so that the first node is the primary node and the rest are followers ready to take over if the primary fails. + Stability: Long-term + """ + nodeIds: [Int!]! @stability(level: LongTerm) +} + +input IngestPartitionInput { + id: Int! + nodeIds: [Int!]! +} + +"An API ingest token used for sending data to LogScale." +type IngestToken { + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + token: String! @stability(level: LongTerm) + + "Stability: Long-term" + parser: Parser @stability(level: LongTerm) +} + +input InputData { + id: String! +} + +input InputDictionaryEntry { + key: String! + value: String! +} + +input InstallPackageFromRegistryInput { + viewName: RepoOrViewName! + packageId: VersionedPackageSpecifier! + queryOwnershipType: QueryOwnershipType = User +} + +type InstallPackageFromRegistryResult { + "Stability: Long-term" + package: Package2! @stability(level: LongTerm) +} + +type InstallPackageFromZipResult { + "Stability: Long-term" + wasSuccessful: Boolean! @stability(level: LongTerm) +} + +type InteractionId { + "Stability: Long-term" + id: String! @stability(level: LongTerm) +} + +"The status of an IOC database table" +type IocTableInfo { + """ + The name of the indicator type in this table + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + status: IocTableStatus! @stability(level: LongTerm) + + """ + The number of milliseconds since epoch that the IOC database was last updated + Stability: Long-term + """ + lastUpdated: Long @stability(level: LongTerm) + + """ + The number of indicators in the database + Stability: Long-term + """ + count: Int! @stability(level: LongTerm) +} + +enum IocTableStatus { + Ok + Unauthorized + Unavailable +} + +"Represents information about the IP database used by LogScale" +type IpDatabaseInfo { + """ + The absolute file path of the file containing the database + Stability: Long-term + """ + dbFilePath: String! @stability(level: LongTerm) + + """ + The update strategy used for the IP Database + Stability: Long-term + """ + updateStrategy: String! @stability(level: LongTerm) + + """ + Metadata about the IP Database used by LogScale + Stability: Long-term + """ + metadata: IpDatabaseMetadata @stability(level: LongTerm) +} + +"Represents metadata about the IP database used by LogScale" +type IpDatabaseMetadata { + """ + The type of database + Stability: Long-term + """ + type: String! @stability(level: LongTerm) + + """ + The date on which the database was build + Stability: Long-term + """ + buildDate: DateTime! @stability(level: LongTerm) + + """ + The description of the database + Stability: Long-term + """ + description: String! @stability(level: LongTerm) + + """ + The md5 hash of the file containing the database + Stability: Long-term + """ + dbFileMd5: String! @stability(level: LongTerm) +} + +scalar JSON + +type KafkaClusterDescription { + "Stability: Short-term" + clusterID: String! @stability(level: ShortTerm) + + "Stability: Short-term" + nodes: [KafkaNode!]! @stability(level: ShortTerm) + + "Stability: Short-term" + controller: KafkaNode! @stability(level: ShortTerm) + + "Stability: Short-term" + logDirDescriptions: [KafkaLogDir!]! @stability(level: ShortTerm) + + "Stability: Short-term" + globalEventsTopic: KafkaTopicDescription! @stability(level: ShortTerm) + + "Stability: Short-term" + ingestTopic: KafkaTopicDescription! @stability(level: ShortTerm) + + "Stability: Short-term" + chatterTopic: KafkaTopicDescription! @stability(level: ShortTerm) +} + +"A Kafka event forwarder" +type KafkaEventForwarder implements EventForwarder { + """ + The Kafka topic the events should be forwarded to + Stability: Long-term + """ + topic: String! @stability(level: LongTerm) + + """ + The Kafka producer configuration used to forward events in the form of properties (x.y.z=abc). See https://library.humio.com/humio-server/ingesting-data-event-forwarders.html#kafka-configuration. + Stability: Long-term + """ + properties: String! @stability(level: LongTerm) + + """ + Id of the event forwarder + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + Name of the event forwarder + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + Description of the event forwarder + Stability: Long-term + """ + description: String! @stability(level: LongTerm) + + """ + Is the event forwarder enabled + Stability: Long-term + """ + enabled: Boolean! @stability(level: LongTerm) +} + +type KafkaLogDir { + "Stability: Short-term" + nodeID: Int! @stability(level: ShortTerm) + + "Stability: Short-term" + path: String! @stability(level: ShortTerm) + + "Stability: Short-term" + error: String @stability(level: ShortTerm) + + "Stability: Short-term" + topicPartitions: [KafkaNodeTopicPartitionLogDescription!]! @stability(level: ShortTerm) +} + +type KafkaNode { + "Stability: Short-term" + id: Int! @stability(level: ShortTerm) + + "Stability: Short-term" + host: String @stability(level: ShortTerm) + + "Stability: Short-term" + port: Int! @stability(level: ShortTerm) + + "Stability: Short-term" + rack: String @stability(level: ShortTerm) +} + +type KafkaNodeTopicPartitionLogDescription { + "Stability: Short-term" + topicPartition: KafkaTopicPartition! @stability(level: ShortTerm) + + "Stability: Short-term" + offset: Long! @stability(level: ShortTerm) + + "Stability: Short-term" + size: Long! @stability(level: ShortTerm) + + "Stability: Short-term" + isFuture: Boolean! @stability(level: ShortTerm) +} + +type KafkaTopicConfig { + "Stability: Short-term" + key: String! @stability(level: ShortTerm) + + "Stability: Short-term" + value: String! @stability(level: ShortTerm) +} + +type KafkaTopicConfigs { + "Stability: Short-term" + configs: [KafkaTopicConfig!]! @stability(level: ShortTerm) + + "Stability: Short-term" + defaultConfigs: [KafkaTopicConfig!]! @stability(level: ShortTerm) +} + +type KafkaTopicDescription { + "Stability: Short-term" + name: String! @stability(level: ShortTerm) + + "Stability: Short-term" + config: KafkaTopicConfigs! @stability(level: ShortTerm) + + "Stability: Short-term" + partitions: [KafkaTopicPartitionDescription!]! @stability(level: ShortTerm) +} + +"Kafka Topic Partition" +type KafkaTopicPartition { + "Stability: Short-term" + topic: String! @stability(level: ShortTerm) + + "Stability: Short-term" + partition: Int! @stability(level: ShortTerm) +} + +type KafkaTopicPartitionDescription { + "Stability: Short-term" + partition: Int! @stability(level: ShortTerm) + + "Stability: Short-term" + leader: Int! @stability(level: ShortTerm) + + "Stability: Short-term" + replicas: [Int!]! @stability(level: ShortTerm) + + "Stability: Short-term" + inSyncReplicas: [Int!]! @stability(level: ShortTerm) +} + +"Configuration key-value pair." +type KeyValueConfiguration { + "Stability: Preview" + configKey: String! @stability(level: Preview) + + "Stability: Preview" + configValue: String! @stability(level: Preview) +} + +"Configs for static key value pairs." +input KeyValueConfigurationInput { + "Key name of the config." + configKey: String! + + "Value of the config." + configValue: String! +} + +"The kind of the external function" +enum KindEnum { + Source + General + Enrichment +} + +"Defines how the external function is executed." +input KindInput { + "The name of the kind of external function." + name: KindEnum! + + "The parameters that specify the key fields. Use for the 'Enrichment' functions." + parametersDefiningKeyFields: [String!] + + "The names of the keys when they're returned from the external function. Use for the 'Enrichment' functions." + fixedKeyFields: [String!] +} + +"Defines how the external function is executed." +type KindOutput { + """ + The name of the kind of external function. + Stability: Preview + """ + name: KindEnum! @stability(level: Preview) + + """ + The parameters that specify the key fields. Use for the 'Enrichment' functions. + Stability: Preview + """ + parametersDefiningKeyFields: [String!] @stability(level: Preview) + + """ + The names of the keys when they're returned from the external function. Use for the 'Enrichment' functions. + Stability: Preview + """ + fixedKeyFields: [String!] @stability(level: Preview) +} + +type LabelsResult { + """ + Labels associated with the Entity Type(s) provided. Returns a maximum of 1000 distinct labels + Stability: Short-term + """ + labels: [String!]! @stability(level: ShortTerm) + + """ + The total number of distinct labels that exist + Stability: Short-term + """ + totalCount: Int! @stability(level: ShortTerm) +} + +type LanguageVersion { + """ + If non-null, this is a version known by the current version of LogScale. + Stability: Long-term + """ + name: LanguageVersionEnum @stability(level: LongTerm) + + """ + If non-null, this is a version stored by a future LogScale version. + Stability: Long-term + """ + futureName: String @stability(level: LongTerm) + + """ + The language version. + Stability: Long-term + """ + version: LanguageVersionOutputType! @stability(level: LongTerm) + + """ + If false, this version isn't recognized by the current version of LogScale. + It must have been stored by a future LogScale version. + This can happen if LogScale was upgraded, and subsequently downgraded (rolled back). + Stability: Long-term + """ + isKnown: Boolean! @stability(level: LongTerm) +} + +"The version of the LogScale query language to use." +enum LanguageVersionEnum { + legacy + xdr1 + xdrdetects1 + filteralert @deprecated(reason: "[DEPRECATED: This has no effect and is no longer used internally. Will be removed at the earliest in version 1.189]") + federated1 +} + +"A specific language version." +input LanguageVersionInputType { + "The name of the language version. The name is case insensitive." + name: String! +} + +"A specific language version." +type LanguageVersionOutputType { + """ + The name of the language version. The name is case insensitive. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) +} + +"Represents information about the LogScale instance." +interface License { + """ + The time at which the license expires. + Stability: Long-term + """ + expiresAt: DateTime! @stability(level: LongTerm) + + """ + The time at which the license was issued. + Stability: Long-term + """ + issuedAt: DateTime! @stability(level: LongTerm) +} + +"A Limit added to the organization." +type Limit { + """ + The limit name + Stability: Long-term + """ + limitName: String! @stability(level: LongTerm) + + """ + If the limit allows logging in + Stability: Long-term + """ + allowLogin: Boolean! @stability(level: LongTerm) + + """ + The daily ingest allowed for the limit + Stability: Long-term + """ + dailyIngest: Long! @stability(level: LongTerm) + + """ + The retention in days allowed for the limit + Stability: Long-term + """ + retention: Int! @stability(level: LongTerm) + + """ + If the limit allows self service + Stability: Long-term + """ + allowSelfService: Boolean! @stability(level: LongTerm) + + """ + The deleted date for the limit + Stability: Long-term + """ + deletedDate: Long @stability(level: LongTerm) +} + +"A Limit added to the organization." +type LimitV2 { + """ + The id + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + The limit name + Stability: Long-term + """ + limitName: String! @stability(level: LongTerm) + + """ + The display name of the limit + Stability: Long-term + """ + displayName: String! @stability(level: LongTerm) + + """ + If the limit allows logging in + Stability: Long-term + """ + allowLogin: Boolean! @stability(level: LongTerm) + + """ + The daily ingest allowed for the limit + Stability: Long-term + """ + dailyIngest: contractual! @stability(level: LongTerm) + + """ + The amount of storage allowed for the limit + Stability: Long-term + """ + storageLimit: contractual! @stability(level: LongTerm) + + """ + The data scanned measurement allowed for the limit + Stability: Long-term + """ + dataScannedLimit: contractual! @stability(level: LongTerm) + + """ + The usage measurement type used for the limit + Stability: Long-term + """ + measurementPoint: Organizations__MeasurementType! @stability(level: LongTerm) + + """ + The user seats allowed for the limit + Stability: Long-term + """ + userLimit: contractual! @stability(level: LongTerm) + + """ + The number of repositories allowed for the limit + Stability: Long-term + """ + repoLimit: Int @stability(level: LongTerm) + + """ + The retention in days for the limit, that's the contracted value + Stability: Long-term + """ + retention: Int! @stability(level: LongTerm) + + """ + The max retention in days allowed for the limit, this can be greater than or equal to retention + Stability: Long-term + """ + maxRetention: Int! @stability(level: LongTerm) + + """ + If the limit allows self service + Stability: Long-term + """ + allowSelfService: Boolean! @stability(level: LongTerm) + + """ + The deleted date for the limit + Stability: Long-term + """ + deletedDate: Long @stability(level: LongTerm) + + """ + The expiration date for the limit + Stability: Long-term + """ + expirationDate: Long @stability(level: LongTerm) + + """ + If the limit is a trial + Stability: Long-term + """ + trial: Boolean! @stability(level: LongTerm) + + """ + If the customer is allowed flight control + Stability: Long-term + """ + allowFlightControl: Boolean! @stability(level: LongTerm) + + """ + Data type for the limit, all repositories linked to the limit will get this datatype logged in usage + Stability: Long-term + """ + dataType: String! @stability(level: LongTerm) + + """ + Repositories attached to the limit + Stability: Long-term + """ + repositories: [Repository!]! @stability(level: LongTerm) +} + +type Limited implements contractual { + "\nStability: Long-term" + limit: Long! @stability(level: LongTerm) + + "\nStability: Long-term" + includeUsage: Boolean! @stability(level: LongTerm) +} + +"All data related to a scheduled report accessible with a readonly scheduled report access token" +type LimitedScheduledReport { + """ + Id of the scheduled report. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + Name of the scheduled report. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + Description of the scheduled report. + Stability: Long-term + """ + description: String! @stability(level: LongTerm) + + """ + Name of the dashboard referenced by the report. + Stability: Long-term + """ + dashboardName: String! @stability(level: LongTerm) + + """ + Display name of the dashboard referenced by the report. + Stability: Long-term + """ + dashboardDisplayName: String! @stability(level: LongTerm) + + """ + Shared time interval of the dashboard referenced by the report. + Stability: Long-term + """ + dashboardSharedTimeInterval: SharedDashboardTimeInterval @stability(level: LongTerm) + + """ + Widgets of the dashboard referenced by the report. + Stability: Long-term + """ + dashboardWidgets: [Widget!]! @stability(level: LongTerm) + + """ + Sections of the dashboard referenced by the report. + Stability: Long-term + """ + dashboardSections: [Section!]! @stability(level: LongTerm) + + """ + Series configurations of the dashboard referenced by the report. + Stability: Long-term + """ + dashboardSeries: [SeriesConfig!]! @stability(level: LongTerm) + + """ + The default color palette for widgets with series + Stability: Short-term + """ + dashboardSeriesColorPalette: String @stability(level: ShortTerm) + + """ + The name of the repository or view queries are executed against. + Stability: Long-term + """ + repoOrViewName: RepoOrViewName! @stability(level: LongTerm) + + """ + Layout of the scheduled report. + Stability: Long-term + """ + layout: ScheduledReportLayout! @stability(level: LongTerm) + + """ + Timezone of the schedule. Examples include UTC, Europe/Copenhagen. + Stability: Long-term + """ + timeZone: String! @stability(level: LongTerm) + + """ + List of parameter value configurations. + Stability: Long-term + """ + parameters: [ParameterValue!]! @stability(level: LongTerm) + + """ + The resource identifier for this scheduled report. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) +} + +input LinkInput { + name: String! + token: String! +} + +"A widget that lists links to other dashboards." +type LinkWidget implements Widget { + "Stability: Preview" + labels: [String!]! @stability(level: Preview) + + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + title: String! @stability(level: LongTerm) + + "Stability: Long-term" + description: String @stability(level: LongTerm) + + "Stability: Long-term" + x: Int! @stability(level: LongTerm) + + "Stability: Long-term" + y: Int! @stability(level: LongTerm) + + "Stability: Long-term" + width: Int! @stability(level: LongTerm) + + "Stability: Long-term" + height: Int! @stability(level: LongTerm) +} + +"A local cluster connection." +type LocalClusterConnection implements ClusterConnection { + """ + Id of the local view to connect with + Stability: Short-term + """ + targetViewId: String! @stability(level: ShortTerm) + + """ + Name of the local view to connect with + Stability: Short-term + """ + targetViewName: RepoOrViewName! @stability(level: ShortTerm) + + "Stability: Short-term" + targetViewType: LocalTargetType! @stability(level: ShortTerm) + + """ + Id of the connection + Stability: Short-term + """ + id: String! @stability(level: ShortTerm) + + """ + Cluster identity of the connection + Stability: Short-term + """ + clusterId: String! @stability(level: ShortTerm) + + """ + Cluster connection tags + Stability: Short-term + """ + tags: [ClusterConnectionTag!]! @stability(level: ShortTerm) + + """ + Cluster connection query prefix + Stability: Short-term + """ + queryPrefix: String! @stability(level: ShortTerm) +} + +"The status of a local cluster connection." +type LocalClusterConnectionStatus implements ClusterConnectionStatus { + """ + Name of the local view + Stability: Short-term + """ + viewName: String @stability(level: ShortTerm) + + """ + Id of the connection + Stability: Short-term + """ + id: String @stability(level: ShortTerm) + + """ + Whether the connection is valid + Stability: Short-term + """ + isValid: Boolean! @stability(level: ShortTerm) + + """ + Errors if the connection is invalid + Stability: Short-term + """ + errorMessages: [ConnectionAspectErrorType!]! @stability(level: ShortTerm) +} + +"Indicates whether the target of a local cluster connection is a view or a repo" +enum LocalTargetType { + View + Repo +} + +"A fleet search result entry" +type LogCollector { + """ + If the collector is enrolled this is its id + Stability: Short-term + """ + id: String @stability(level: ShortTerm) + + """ + The hostname + Stability: Short-term + """ + hostname: String! @stability(level: ShortTerm) + + """ + The host system + Stability: Short-term + """ + system: String! @stability(level: ShortTerm) + + """ + Version + Stability: Short-term + """ + version: String! @stability(level: ShortTerm) + + """ + Last activity recorded + Stability: Short-term + """ + lastActivity: String! @stability(level: ShortTerm) + + """ + Ingest last 24h. + Stability: Short-term + """ + ingestLast24H: Long! @stability(level: ShortTerm) + + """ + Ip address + Stability: Short-term + """ + ipAddress: String @stability(level: ShortTerm) + + "\nStability: Short-term" + logSources: [LogCollectorLogSource!]! @stability(level: ShortTerm) + + """ + Log collector machineId + Stability: Short-term + """ + machineId: String! @stability(level: ShortTerm) + + """ + contains the name of any manually assigned config + Stability: Short-term + """ + configName: String @stability(level: ShortTerm) + + """ + contains the id of any manually assigned config + Stability: Short-term + """ + configId: String @stability(level: ShortTerm) + + "Stability: Short-term" + configurations: [LogCollectorConfigInfo!]! @stability(level: ShortTerm) + + "Stability: Short-term" + errors: [String!]! @stability(level: ShortTerm) + + "Stability: Short-term" + cfgTestId: String @stability(level: ShortTerm) + + "Stability: Short-term" + cpuAverage5Min: Float @stability(level: ShortTerm) + + "Stability: Short-term" + memoryMax5Min: Long @stability(level: ShortTerm) + + "Stability: Short-term" + diskMax5Min: Float @stability(level: ShortTerm) + + "Stability: Short-term" + change: Changes @stability(level: ShortTerm) + + "Stability: Short-term" + groups: [LogCollectorGroup!]! @stability(level: ShortTerm) + + "Stability: Short-term" + wantedVersion: String @stability(level: ShortTerm) + + "Stability: Short-term" + debugLogging: LogCollectorDebugLogging @stability(level: ShortTerm) + + "Stability: Short-term" + timeOfUpdate: DateTime @stability(level: ShortTerm) + + "Stability: Short-term" + usesRemoteUpdate: Boolean! @stability(level: ShortTerm) + + "Stability: Short-term" + ephemeralTimeout: Int @stability(level: ShortTerm) + + "Stability: Short-term" + status: LogCollectorStatusType @stability(level: ShortTerm) + + "Stability: Short-term" + labels: [LogCollectorLabel!]! @stability(level: ShortTerm) + + """ + Other log collector have same machine ID + Stability: Short-term + """ + duplicatedMachineIds: Boolean! @stability(level: ShortTerm) +} + +type LogCollectorConfigInfo { + "Stability: Short-term" + id: String! @stability(level: ShortTerm) + + "Stability: Short-term" + name: String! @stability(level: ShortTerm) + + "Stability: Short-term" + group: LogCollectorGroup @stability(level: ShortTerm) + + "Stability: Short-term" + assignment: LogCollectorConfigurationAssignmentType! @stability(level: ShortTerm) +} + +"A configuration file for a log collector" +type LogCollectorConfiguration { + "\nStability: Short-term" + id: String! @stability(level: ShortTerm) + + "\nStability: Short-term" + name: String! @stability(level: ShortTerm) + + "\nStability: Short-term" + yaml: String @stability(level: ShortTerm) + + "\nStability: Short-term" + draft: String @stability(level: ShortTerm) + + "\nStability: Short-term" + version: Int! @stability(level: ShortTerm) + + "\nStability: Short-term" + yamlCharactersCount: Int! @stability(level: ShortTerm) + + "Stability: Short-term" + modifiedAt: DateTime! @stability(level: ShortTerm) + + "Stability: Short-term" + draftModifiedAt: DateTime @stability(level: ShortTerm) + + "Stability: Short-term" + modifiedBy: String! @stability(level: ShortTerm) + + "Stability: Short-term" + instances: Int! @stability(level: ShortTerm) + + "Stability: Short-term" + description: String @stability(level: ShortTerm) + + "Stability: Short-term" + isTestRunning: Boolean! @stability(level: ShortTerm) +} + +enum LogCollectorConfigurationAssignmentType { + Group + Manual + Test +} + +type LogCollectorConfigurationProblemAtPath { + "Stability: Short-term" + summary: String! @stability(level: ShortTerm) + + "Stability: Short-term" + details: String @stability(level: ShortTerm) + + "Stability: Short-term" + path: String! @stability(level: ShortTerm) + + "Stability: Short-term" + number: Int! @stability(level: ShortTerm) +} + +union LogCollectorDebugLogging = LogCollectorDebugLoggingStatic + +type LogCollectorDebugLoggingStatic { + "Stability: Short-term" + url: String @stability(level: ShortTerm) + + "Stability: Short-term" + token: String! @stability(level: ShortTerm) + + "Stability: Short-term" + level: String! @stability(level: ShortTerm) + + "Stability: Short-term" + repository: String @stability(level: ShortTerm) +} + +"Details about a Log Collector" +type LogCollectorDetails { + """ + If the collector is enrolled this is its id + Stability: Short-term + """ + id: String @stability(level: ShortTerm) + + """ + The hostname + Stability: Short-term + """ + hostname: String! @stability(level: ShortTerm) + + """ + The host system + Stability: Short-term + """ + system: String! @stability(level: ShortTerm) + + """ + Version + Stability: Short-term + """ + version: String! @stability(level: ShortTerm) + + """ + Last activity recorded + Stability: Short-term + """ + lastActivity: String! @stability(level: ShortTerm) + + """ + Ip address + Stability: Short-term + """ + ipAddress: String @stability(level: ShortTerm) + + "\nStability: Short-term" + logSources: [LogCollectorLogSource!]! @stability(level: ShortTerm) + + """ + Log collector machineId + Stability: Short-term + """ + machineId: String! @stability(level: ShortTerm) + + "Stability: Short-term" + configurations: [LogCollectorConfigInfo!]! @stability(level: ShortTerm) + + "Stability: Short-term" + errors: [String!]! @stability(level: ShortTerm) + + "Stability: Short-term" + cpuAverage5Min: Float @stability(level: ShortTerm) + + "Stability: Short-term" + memoryMax5Min: Long @stability(level: ShortTerm) + + "Stability: Short-term" + diskMax5Min: Float @stability(level: ShortTerm) + + "Stability: Short-term" + ephemeralTimeout: Int @stability(level: ShortTerm) + + "Stability: Short-term" + status: LogCollectorStatusType @stability(level: ShortTerm) + + "Stability: Short-term" + labels: [LogCollectorLabel!]! @stability(level: ShortTerm) + + """ + Ingest last 24h. + Stability: Short-term + """ + ingestLast24H: Long @stability(level: ShortTerm) +} + +type LogCollectorGroup { + "Stability: Short-term" + id: String! @stability(level: ShortTerm) + + "Stability: Short-term" + name: String! @stability(level: ShortTerm) + + "Stability: Short-term" + filter: String @stability(level: ShortTerm) + + "Stability: Short-term" + configurations: [LogCollectorConfiguration!]! @stability(level: ShortTerm) + + "Stability: Short-term" + collectorCount: Int @stability(level: ShortTerm) + + "Stability: Short-term" + wantedVersion: String @stability(level: ShortTerm) + + "Stability: Short-term" + onlyUsesRemoteUpdates: Boolean! @stability(level: ShortTerm) +} + +type LogCollectorInstallCommand { + "Stability: Short-term" + windowsCommand: String! @stability(level: ShortTerm) + + "Stability: Short-term" + linuxCommand: String! @stability(level: ShortTerm) + + "Stability: Short-term" + macosCommand: String! @stability(level: ShortTerm) +} + +"Provides information about an installer of the LogScale Collector." +type LogCollectorInstaller { + """ + Installer file name + Stability: Short-term + """ + name: String! @stability(level: ShortTerm) + + """ + URL to fetch installer from + Stability: Short-term + """ + url: String! @stability(level: ShortTerm) + + """ + LogScale Collector version + Stability: Short-term + """ + version: String! @stability(level: ShortTerm) + + """ + Installer CPU architecture + Stability: Short-term + """ + architecture: String! @stability(level: ShortTerm) + + """ + Installer type (deb, rpm or msi) + Stability: Short-term + """ + type: String! @stability(level: ShortTerm) + + """ + Installer file size + Stability: Short-term + """ + size: Int! @stability(level: ShortTerm) + + """ + Config file example + Stability: Short-term + """ + configExample: String @stability(level: ShortTerm) + + """ + Icon file name + Stability: Short-term + """ + icon: String @stability(level: ShortTerm) +} + +type LogCollectorLabel { + "Stability: Short-term" + name: String! @stability(level: ShortTerm) + + "Stability: Short-term" + value: String! @stability(level: ShortTerm) +} + +type LogCollectorLogSource { + "\nStability: Short-term" + sourceName: String! @stability(level: ShortTerm) + + "\nStability: Short-term" + sourceType: String! @stability(level: ShortTerm) + + "\nStability: Short-term" + sinkType: String! @stability(level: ShortTerm) + + "\nStability: Short-term" + parser: String @stability(level: ShortTerm) + + "\nStability: Short-term" + repository: String @stability(level: ShortTerm) +} + +type LogCollectorMergedConfiguration { + "Stability: Short-term" + problems: [LogCollectorConfigurationProblemAtPath!]! @stability(level: ShortTerm) + + "Stability: Short-term" + content: String! @stability(level: ShortTerm) +} + +enum LogCollectorStatusType { + Error + OK +} + +type LoginBridge { + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + issuer: String! @stability(level: LongTerm) + + "Stability: Long-term" + description: String! @stability(level: LongTerm) + + "Stability: Long-term" + remoteId: String! @stability(level: LongTerm) + + "Stability: Long-term" + loginUrl: String! @stability(level: LongTerm) + + "Stability: Long-term" + relayStateUUrl: String! @stability(level: LongTerm) + + "Stability: Long-term" + samlEntityId: String! @stability(level: LongTerm) + + "Stability: Long-term" + publicSamlCertificate: String! @stability(level: LongTerm) + + "Stability: Long-term" + groupAttribute: String! @stability(level: LongTerm) + + "Stability: Long-term" + organizationIdAttributeName: String! @stability(level: LongTerm) + + "Stability: Long-term" + organizationNameAttributeName: String @stability(level: LongTerm) + + "Stability: Long-term" + additionalAttributes: String @stability(level: LongTerm) + + "Stability: Long-term" + groups: [String!]! @stability(level: LongTerm) + + "Stability: Long-term" + allowedUsers: [User!]! @stability(level: LongTerm) + + "Stability: Long-term" + generateUserName: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + termsDescription: String! @stability(level: LongTerm) + + "Stability: Long-term" + termsLink: String! @stability(level: LongTerm) + + "Stability: Long-term" + showTermsAndConditions: Boolean! @stability(level: LongTerm) + + """ + True if any user in this organization has logged in to CrowdStream via LogScale. Requires manage organizations permissions + Stability: Long-term + """ + anyUserAlreadyLoggedInViaLoginBridge: Boolean! @stability(level: LongTerm) +} + +input LoginBridgeInput { + name: String! + description: String! + issuer: String! + remoteId: String! + loginUrl: String! + relayStateUrl: String! + samlEntityId: String! + privateSamlCertificate: String! + publicSamlCertificate: String! + allowedUsers: [String!]! + groupAttribute: String! + groups: [String!]! + organizationIdAttributeName: String! + additionalAttributes: String + organizationNameAttribute: String + generateUserName: Boolean! + termsDescription: String! + termsLink: String! +} + +type LoginBridgeRequest { + "Stability: Long-term" + samlResponse: String! @stability(level: LongTerm) + + "Stability: Long-term" + loginUrl: String! @stability(level: LongTerm) + + "Stability: Long-term" + relayState: String! @stability(level: LongTerm) +} + +input LoginBridgeUpdateInput { + name: String + description: String + issuer: String + remoteId: String + loginUrl: String + relayStateUrl: String + samlEntityId: String + privateSamlCertificate: String + publicSamlCertificate: String + allowedUsers: [String!] + groupAttribute: String + groups: [String!] + organizationIdAttributeName: String + additionalAttributes: String + organizationNameAttribute: String + generateUserName: Boolean + termsDescription: String + termsLink: String +} + +"The `Long` scalar type represents non-fractional signed whole numeric values. Long can represent values between -(2^63) and 2^63 - 1." +scalar Long + +"The specification of a long parameter." +input LongParameterInput { + "An optional default value for the parameter. If a default value is not present, the paremeter is required. If present, it must be between min and max, if they are specified." + defaultValue: Long + + "An optional, inclusive minimum value for the parameter. If both min and max are specified, min must not be greater than max." + min: Long + + "An optional, inclusive maximum value for the parameter. If both min and max are specified, max must not be less than min." + max: Long +} + +type LookupFileTemplate { + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + displayName: String! @stability(level: LongTerm) + + "Stability: Long-term" + content: String! @stability(level: LongTerm) +} + +input MarkLimitDeletedInput { + limitName: String! + deleted: Boolean! +} + +scalar Markdown + +"A place for LogScale to find packages." +type Marketplace { + """ + Gets all categories in the marketplace. + Stability: Long-term + """ + categoryGroups: [MarketplaceCategoryGroup!]! @stability(level: LongTerm) +} + +"A category that can be used to filter search results in the marketplace." +type MarketplaceCategory { + """ + A display string for the category. + Stability: Long-term + """ + title: String! @stability(level: LongTerm) + + """ + The id is used to filter the searches. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) +} + +"A grouping of categories that can be used to filter search results in the marketplace." +type MarketplaceCategoryGroup { + """ + A display string for the category group. + Stability: Long-term + """ + title: String! @stability(level: LongTerm) + + """ + The categories that are members of the group. + Stability: Long-term + """ + categories: [MarketplaceCategory!]! @stability(level: LongTerm) +} + +enum MergeStrategy { + Ours + Theirs +} + +input MigrateLimitsInput { + createLogLimit: Boolean! + defaultLimit: String +} + +"User or token used to modify the asset." +interface ModifiedInfo { + """ + Timestamp of when the asset was last modified + Stability: Long-term + """ + modifiedAt: Long! @stability(level: LongTerm) +} + +"Modified information missing" +type ModifiedInfoMissing implements ModifiedInfo { + """ + Timestamp of when the asset was last modified + Stability: Long-term + """ + modifiedAt: Long! @stability(level: LongTerm) +} + +"Modified by a supporter" +type ModifiedInfoSupporter implements ModifiedInfo { + """ + Timestamp of when the asset was last modified + Stability: Long-term + """ + modifiedAt: Long! @stability(level: LongTerm) +} + +"Modified by the system" +type ModifiedInfoSystem implements ModifiedInfo { + """ + Timestamp of when the asset was last modified + Stability: Long-term + """ + modifiedAt: Long! @stability(level: LongTerm) +} + +"Modified using a token" +type ModifiedInfoToken implements ModifiedInfo { + """ + Id of the token used to modify the asset. + Stability: Long-term + """ + tokenId: String! @stability(level: LongTerm) + + """ + Timestamp of when the asset was last modified + Stability: Long-term + """ + modifiedAt: Long! @stability(level: LongTerm) +} + +"Modified by a user" +type ModifiedInfoUser implements ModifiedInfo { + """ + User who modified the asset. If null, the user is deleted. + Stability: Long-term + """ + user: User @stability(level: LongTerm) + + """ + Timestamp of when the asset was last modified + Stability: Long-term + """ + modifiedAt: Long! @stability(level: LongTerm) +} + +type MonthlyIngest { + "Stability: Long-term" + monthly: [UsageOnDay!]! @stability(level: LongTerm) +} + +"Query result for monthly ingest" +union MonthlyIngestQueryResult = QueryInProgress | MonthlyIngest + +type MonthlyStorage { + "Stability: Long-term" + monthly: [StorageOnDay!]! @stability(level: LongTerm) +} + +"Query result for monthly storage" +union MonthlyStorageQueryResult = QueryInProgress | MonthlyStorage + +type Mutation { + """ + Will clear the search limit and excluded repository making future searches done on this view behave normally, i.e. having no search time-limit applied + Stability: Preview + """ + ClearSearchLimitForSearchDomain( + "Data for clearing the search limit on a search domain." + input: ClearSearchLimitForSearchDomain!): View! @stability(level: Preview) + + """ + Will update search limit, which will restrict future searches to the specified limit, a list of repository names can be supplied and will not be restricted by this limit. + Stability: Preview + """ + SetSearchLimitForSearchDomain( + "Data for updating search limit on a search domain." + input: SetSearchLimitForSearchDomain!): View! @stability(level: Preview) + + """ + Client accepts LogScale's Terms and Conditions without providing any additional info + Stability: Long-term + """ + acceptTermsAndConditions: Account! @stability(level: LongTerm) + + """ + Activates a user account supplying additional personal info. By activating the account the client accepts LogScale's Terms and Conditions: https://www.humio.com/terms-and-conditions + Stability: Long-term + """ + activateAccount( + "The first name of the user." + firstName: String!, + + "The last name of the user." + lastName: String!, + + "The email address of the user." + email: String!, + + "The name of company the user represents or is associated with." + company: String!, + + "The two letter ISO 3166-1 Alpha-2 country code for the country where the company is located." + countryCode: String!, + + "Optional country subdivision following ISO 3166-2." + stateCode: String, + + "Optional zip code. Required for community mode." + zip: String, + + "Optional phone number. Required for community mode." + phoneNumber: String, utmParams: UtmParams): Account! @stability(level: LongTerm) + + """ + Add labels to an action. There can be at most 10 labels with a max length of 60 characters per label. Returns the updated action if successfully updated or null with errors if unsuccessful. + Stability: Long-term + """ + addActionLabels( + "Data for adding labels to an action." + input: AddActionLabels!): Action @stability(level: LongTerm) + + "Add a label to an aggregate alert." + addAggregateAlertLabel( + "Data for adding a label to an aggregate alert." + input: AddAggregateAlertLabel!): Boolean! @deprecated(reason: "[DEPRECATED: Added a new version which supports adding a list of labels instead of just one. Use 'addAggregateAlertLabels' instead. Will be removed at the earliest in version 1.273]") + + """ + Add labels to an aggregate alert. There can be at most 10 labels with a max length of 60 characters per label. Will return the updated aggregate alert if successfully updated and null with errors if unsuccessful. + Stability: Long-term + """ + addAggregateAlertLabels( + "Data for adding labels to an aggregate alert." + input: AddAggregateAlertLabels!): AggregateAlert @stability(level: LongTerm) + + "Add a label to an alert." + addAlertLabelV2( + "Data for adding a label to an alert" + input: AddAlertLabel!): Alert! @deprecated(reason: "[DEPRECATED: Added a new version which supports adding a list of labels instead of just one. Use 'addLegacyAlertLabels' instead. Will be removed at the earliest in version 1.273]") + + "Stability: Preview" + addCrossOrgViewConnections(input: AddCrossOrganizationViewConnectionFiltersInput!): View! @stability(level: Preview) + + """ + Add a new filter to a dashboard's list of filters. + Stability: Long-term + """ + addDashboardFilter(name: String!, prefixFilter: String!, id: String!, searchDomainName: String!): Dashboard! @stability(level: LongTerm) + + "Add a label to a dashboard." + addDashboardLabel(id: String!, label: String!): Dashboard! @deprecated(reason: "[DEPRECATED: Added a new version which supports adding a list of labels instead of just one. Use 'addDashboardLabels' instead. Will be removed at the earliest in version 1.273]") + + """ + Add labels to a dashboard. There can be at most 10 labels with a max length of 60 characters per label. Will return the updated dashboard if successful or null with errors if unsuccessful. + Stability: Long-term + """ + addDashboardLabels( + "Data for adding labels to a dashboard." + input: AddDashboardLabels!): Dashboard @stability(level: LongTerm) + + """ + Adds a field alias mapping to an existing schema. Returns the ID of the alias mapping if created successfully. + Stability: Long-term + """ + addFieldAliasMapping(input: AddAliasMappingInput!): String! @stability(level: LongTerm) + + """ + Add labels to a file. There can be at most 10 labels at a time, with a max length of 60 characters per label. Will return the updated file if successful or null with errors if adding labels failed. + Stability: Long-term + """ + addFileLabels( + "Input type for adding labels to a file." + input: AddFileLabels!): File @stability(level: LongTerm) + + "Add a label to a filter alert." + addFilterAlertLabel( + "Data for adding a label to a filter alert." + input: AddFilterAlertLabel!): Boolean! @deprecated(reason: "[DEPRECATED: Added a new version which supports adding a list of labels instead of just one. Use 'addFilterAlertLabels' instead. Will be removed at the earliest in version 1.273]") + + """ + Add labels to a filter alert. There can be at most 10 labels with a max length of 60 characters per label. Will return the updated filter alert if successfully updated and null with errors if unsuccessful. + Stability: Long-term + """ + addFilterAlertLabels( + "Data for adding labels to a filter alert." + input: AddFilterAlertLabels!): FilterAlert @stability(level: LongTerm) + + """ + Enable functions for use with specified language version. + Stability: Preview + """ + addFunctionsToAllowList(input: FunctionListInput!): Boolean! @stability(level: Preview) + + """ + Creates a new group. + Stability: Long-term + """ + addGroup(displayName: String!, lookupName: String): AddGroupMutation! @stability(level: LongTerm) + + """ + Create a new Ingest API Token. + Stability: Long-term + """ + addIngestTokenV3(input: AddIngestTokenV3Input!): IngestToken! @stability(level: LongTerm) + + """ + Add labels to a legacy alert. There can be at most 10 labels with a max length of 60 characters per label. Will return the updated legacy alert if successfully updated and null with errors if unsuccessful. + Stability: Long-term + """ + addLegacyAlertLabels( + "Data for adding labels to a legacy alert" + input: AddLegacyAlertLabels!): Alert @stability(level: LongTerm) + + "Add a Limit to the given organization" + addLimit(input: AddLimitInput!): Boolean! @deprecated(reason: "[DEPRECATED: This mutation has been replaced by its V2 variant. Use 'addLimitV2' instead. Will be removed at the earliest in version 1.201]") + + """ + Add a Limit to the given organization + Stability: Long-term + """ + addLimitV2(input: AddLimitV2Input!): LimitV2! @stability(level: LongTerm) + + "Stability: Long-term" + addLoginBridgeAllowedUsers(userID: String!): LoginBridge! @stability(level: LongTerm) + + """ + Add or update default Query Quota Settings + Stability: Short-term + """ + addOrUpdateQueryQuotaDefaultSettings(input: QueryQuotaDefaultSettingsInput!): QueryQuotaDefaultSettings! @stability(level: ShortTerm) + + """ + Add or update existing Query Quota User Settings + Stability: Short-term + """ + addOrUpdateQueryQuotaUserSettings(input: QueryQuotaUserSettingsInput!): QueryQuotaUserSettings! @stability(level: ShortTerm) + + """ + Enable transfer of segments and files under an organization to be moved to its respective bucket. + Stability: Long-term + """ + addOrganizationForBucketTransfer( + "Allow transfers from and to the same locations in bucket storage" + allowInPlaceMigration: Boolean): Boolean! @stability(level: LongTerm) + + """ + Adds a query to the list of recent queries. The query is a JSON encoded query and visualization structure produced by the UI. + Stability: Long-term + """ + addRecentQuery(input: AddRecentQueryInput!): AddRecentQuery! @stability(level: LongTerm) + + """ + Add labels to a saved query. There can be at most 10 labels with a max length of 60 characters per label. Will return the updated saved query if successfully updated, or null with errors if unsuccessful. + Stability: Long-term + """ + addSavedQueryLabels( + "Data for adding labels to a saved query." + input: AddSavedQueryLabels!): SavedQuery @stability(level: LongTerm) + + "Add a label to a scheduled search." + addScheduledSearchLabel( + "Data for adding a label to a scheduled search" + input: AddLabelScheduledSearch!): ScheduledSearch! @deprecated(reason: "[DEPRECATED: Added a new version which supports adding a list of labels instead of just one. Use 'addScheduledSearchLabels' instead. Will be removed at the earliest in version 1.273]") + + """ + Add labels to a scheduled search. There can be at most 10 labels with a max length of 60 characters per label. Will return the updated scheduled search if successfully updated and null with errors if unsuccessful. + Stability: Long-term + """ + addScheduledSearchLabels( + "Data for adding labels to a scheduled search" + input: AddScheduledSearchLabels!): ScheduledSearch @stability(level: LongTerm) + + """ + Add a star to a dashboard. + Stability: Long-term + """ + addStarToDashboard(id: String!): Dashboard! @stability(level: LongTerm) + + "Stability: Long-term" + addStarToField(input: AddStarToFieldInput!): AddStarToFieldMutation! @stability(level: LongTerm) + + """ + Add a star to a repository or view. + Stability: Long-term + """ + addStarToSearchDomain(name: String!): SearchDomain! @stability(level: LongTerm) + + """ + Adds a subdomain to the organization. Becomes primary subdomain if no primary has been set, and secondary otherwise + Stability: Preview + """ + addSubdomain(input: AddSubdomainInput!): Organization! @stability(level: Preview) + + """ + Blocklist a query based on a pattern based on a regex or exact match. + Stability: Long-term + """ + addToBlocklist( + "Data for adding to the blocklist" + input: AddToBlocklistInput!): [BlockedQuery!]! @stability(level: LongTerm) + + """ + Blocklist a query based on a pattern based on a regex or exact match. + Stability: Long-term + """ + addToBlocklistById( + "Data for adding to the blocklist" + input: AddToBlocklistByIdInput!): [BlockedQuery!]! @stability(level: LongTerm) + + "Stability: Long-term" + addToLogCollectorConfigurationTest(configId: String!, collectorIds: [String!]!): FleetConfigurationTest! @stability(level: LongTerm) + + """ + Add or invite a user. Calling this with an invitation token, will activate the account. By activating the account the client accepts LogScale's Terms and Conditions: https://www.humio.com/terms-and-conditions + Stability: Long-term + """ + addUserV2(input: AddUserInputV2!): userOrPendingUser! @stability(level: LongTerm) + + """ + Adds users to an existing group. + Stability: Long-term + """ + addUsersToGroup(input: AddUsersToGroupInput!): AddUsersToGroupMutation! @stability(level: LongTerm) + + "Stability: Short-term" + assignLogCollectorConfiguration(configId: String, id: String!): Boolean! @stability(level: ShortTerm) + + "Stability: Short-term" + assignLogCollectorsToConfiguration(configId: String, ids: [String!]): [EnrolledCollector!]! @stability(level: ShortTerm) + + """ + Assigns an organization management role to a group for the provided organizations. + Stability: Preview + """ + assignOrganizationManagementRoleToGroup(input: AssignOrganizationManagementRoleToGroupInput!): AssignOrganizationManagementRoleToGroupMutation! @stability(level: Preview) + + """ + Assigns an organization role to a group. + Stability: Long-term + """ + assignOrganizationRoleToGroup(input: AssignOrganizationRoleToGroupInput!): AssignOrganizationRoleToGroupMutation! @stability(level: LongTerm) + + """ + Assign an ingest token to be associated with a parser. + Stability: Long-term + """ + assignParserToIngestTokenV2(input: AssignParserToIngestTokenInputV2!): IngestToken! @stability(level: LongTerm) + + """ + Assigns permissions to users or groups for resource. + Stability: Short-term + """ + assignPermissionsForResources(input: [PermissionAssignmentInputType!]!): [UserOrGroup!]! @stability(level: ShortTerm) + + """ + Assigns a role to a group for a given view. If called with overrideExistingAssignmentsForView=false, this mutation can assign multiple roles for the same view. Calling with overrideExistingAssignmentsForView=false is thus only available if the MultipleViewRoleBindings feature is enabled. + Stability: Long-term + """ + assignRoleToGroup(input: AssignRoleToGroupInput!): AssignRoleToGroupMutation! @stability(level: LongTerm) + + """ + Assigns a system role to a group. + Stability: Long-term + """ + assignSystemRoleToGroup(input: AssignSystemRoleToGroupInput!): AssignSystemRoleToGroupMutation! @stability(level: LongTerm) + + """ + Assign node tasks. This is not a replacement, but will add to the existing assigned node tasks. Returns the set of assigned tasks after the assign operation has completed. + Stability: Short-term + """ + assignTasks( + "ID of the node to assign node tasks to." + nodeID: Int!, + + "List of tasks to assign." + tasks: [NodeTaskEnum!]!): [NodeTaskEnum!]! @stability(level: ShortTerm) + + """ + Assigns roles for the user in the search domain. This mutation allows assigning multiple roles for the same view and is thus dependent on the MultipleViewRoleBindings feature being enabled. + Stability: Short-term + """ + assignUserRolesInSearchDomain(input: AssignUserRolesInSearchDomainInput!): [User!]! @stability(level: ShortTerm) + + """ + Batch update query ownership to run queries on behalf of the organization for triggers and shared dashboards. + Stability: Long-term + """ + batchUpdateQueryOwnership(input: BatchUpdateQueryOwnershipInput!): Boolean! @stability(level: LongTerm) + + """ + Block ingest to the specified repository for a number of seconds (at most 1 year) into the future + Stability: Short-term + """ + blockIngest(repositoryName: String!, seconds: Int!): BlockIngestMutation! @stability(level: ShortTerm) + + """ + Set whether the organization is blocking ingest and dataspaces are pausing ingest + Stability: Long-term + """ + blockIngestOnOrg(input: BlockIngestOnOrgInput!): Organization! @stability(level: LongTerm) + + """ + Cancel deletion of a secret handle. + Stability: Preview + """ + cancelDeleteSecretHandle( + "Input for canceling the deletion of a secret handle." + input: CancelDeleteSecretHandleInput!): Boolean! @stability(level: Preview) + + """ + Cancel a previously submitted redaction. Returns true if the redaction was cancelled, false otherwise. Cancellation is best effort. If some events have already been redacted, they are not restored. + Stability: Long-term + """ + cancelRedactEvents(input: CancelRedactEventsInput!): Boolean! @stability(level: LongTerm) + + """ + Updates the user and group role assignments in the search domain. + Stability: Long-term + """ + changeUserAndGroupRolesForSearchDomain(searchDomainId: String!, groups: [GroupRoleAssignment!]!, users: [UserRoleAssignment!]!): [UserOrGroup!]! @stability(level: LongTerm) + + """ + Set CID of provisioned organization + Stability: Short-term + """ + clearCid: Organization! @stability(level: ShortTerm) + + """ + Clear the error status on an aggregate alert. The status will be updated if the error reoccurs. + Stability: Long-term + """ + clearErrorOnAggregateAlert( + "Data for clearing the error on an aggregate alert." + input: ClearErrorOnAggregateAlertInput!): AggregateAlert! @stability(level: LongTerm) + + """ + Clear the error status on an alert. The status will be updated if the error reoccurs. + Stability: Long-term + """ + clearErrorOnAlert( + "Data for clearing the error on an alert" + input: ClearErrorOnAlertInput!): Alert! @stability(level: LongTerm) + + """ + Clear the error status on a filter alert. The status will be updated if the error reoccurs. + Stability: Long-term + """ + clearErrorOnFilterAlert( + "Data for clearing the error on a filter alert" + input: ClearErrorOnFilterAlertInput!): FilterAlert! @stability(level: LongTerm) + + """ + Clear the error status on a scheduled search. The status will be updated if the error reoccurs. + Stability: Long-term + """ + clearErrorOnScheduledSearch( + "Data for clearing the error on a scheduled search" + input: ClearErrorOnScheduledSearchInput!): ScheduledSearch! @stability(level: LongTerm) + + """ + Clears UI configurations for all fields for the current user + Stability: Long-term + """ + clearFieldConfigurations(input: ClearFieldConfigurationsInput!): Boolean! @stability(level: LongTerm) + + """ + Clear recent queries for current user on a given view or repository. + Stability: Long-term + """ + clearRecentQueries(input: ClearRecentQueriesInput!): Boolean! @stability(level: LongTerm) + + """ + Create a clone of an existing parser. + Stability: Long-term + """ + cloneParser(input: CloneParserInput!): Parser! @stability(level: LongTerm) + + """ + Unregisters a node from the cluster. + Stability: Long-term + """ + clusterUnregisterNode( + "Force removal of the node. I hope you know what you are doing!" + force: Boolean!, + + "ID of the node to unregister." + nodeID: Int!): UnregisterNodeMutation! @stability(level: LongTerm) + + """ + Configures Azure archiving for a repository. E.g. bucket. + Stability: Preview + """ + configureAzureArchiving(repositoryName: String!, bucket: String!, format: ArchivingFormat!, tagOrderInName: [String!], startFromDateTime: DateTime, endAtDateTime: DateTime): BooleanResultType! @stability(level: Preview) + + """ + Create a clone of a dashboard. + Stability: Long-term + """ + copyDashboard(id: String!, + + "The name of the repository or view where the dashboard to be copied to." + targetSearchDomainName: String, + + "The name of the repository or view where the dashboard to be copied from." + sourceSearchDomainName: String!, + + "The name the copied dashboard should have." + name: String!): CopyDashboardMutation! @stability(level: LongTerm) + + """ + Create a clone of a saved query. + Stability: Preview + """ + copySavedQuery(id: String!, + + "The name of the repository or view where the saved query to be copied to." + targetSearchDomainName: String, + + "The name of the repository or view where the saved query to be copied from." + sourceSearchDomainName: String!, + + """ + The name the copied saved query should have. + If not provided, the original name will be used. + If omitted and sourceSearchDomainName == targetSearchDomainName, the new name will the name of the original query with " (copied)" appended to the end. + """ + name: String): CopySavedQueryMutation! @stability(level: Preview) + + """ + Create an action from a package action template. + Stability: Long-term + """ + createActionFromPackageTemplate( + "The name of the view the package is installed in." + viewName: String!, + + "The id of the package to fetch the action template from." + packageId: VersionedPackageSpecifier!, + + "The name of the action template in the package." + actionTemplateName: String!, + + "The name of the new action to create." + overrideName: String): CreateActionFromPackageTemplateMutation! @stability(level: LongTerm) + + """ + Create an action from yaml template + Stability: Long-term + """ + createActionFromTemplate( + "Data for creating an action from a yaml template" + input: CreateActionFromTemplateInput!): Action! @stability(level: LongTerm) + + """ + Create an aggregate alert. + Stability: Long-term + """ + createAggregateAlert( + "Data for creating an aggregate alert." + input: CreateAggregateAlert!): AggregateAlert! @stability(level: LongTerm) + + """ + Create an alert. + Stability: Long-term + """ + createAlert( + "Data for creating an alert" + input: CreateAlert!): Alert! @stability(level: LongTerm) + + """ + Create an ingest feed that uses AWS S3 and SQS + Stability: Long-term + """ + createAwsS3SqsIngestFeed( + "Data for creating an ingest feed that uses AWS S3 and SQS" + input: CreateAwsS3SqsIngestFeed!): IngestFeed! @stability(level: LongTerm) + + """ + Create an ingest feed that uses Azure Event Hubs. + Stability: Preview + """ + createAzureEventHubIngestFeed( + "Data for creating an ingest feed that uses Azure Event Hubs." + input: CreateAzureEventHubIngestFeed!): IngestFeed! @stability(level: Preview) + + "Stability: Preview" + createCrossOrgView(input: CreateCrossOrgViewInput!): View! @stability(level: Preview) + + """ + Create a custom link interaction. + Stability: Long-term + """ + createCustomLinkInteraction(input: CreateCustomLinkInteractionInput!): InteractionId! @stability(level: LongTerm) + + """ + Create a dashboard. + Stability: Long-term + """ + createDashboard(input: CreateDashboardInput!): CreateDashboardMutation! @stability(level: LongTerm) + + """ + Create a dashboard from a package dashboard template. + Stability: Long-term + """ + createDashboardFromPackageTemplate( + "The name of the view the package is installed in." + viewName: String!, + + "The id of the package to fetch the dashboard template from." + packageId: VersionedPackageSpecifier!, + + "The name of the dashboard template in the package." + dashboardTemplateName: String!, + + "The name of the new dashboard to create." + overrideName: String): CreateDashboardFromPackageTemplateMutation! @stability(level: LongTerm) + + """ + Create a dashboard from a yaml specification. + Stability: Long-term + """ + createDashboardFromTemplateV2( + "Data for creating a dashboard from a yaml specification." + input: CreateDashboardFromTemplateV2Input!): Dashboard! @stability(level: LongTerm) + + """ + Create a dashboard link interaction. + Stability: Long-term + """ + createDashboardLinkInteraction(input: CreateDashboardLinkInteractionInput!): InteractionId! @stability(level: LongTerm) + + """ + Gets or create a new demo data view. + Stability: Short-term + """ + createDemoDataRepository(demoDataType: String!): Repository! @stability(level: ShortTerm) + + """ + Create an email action. + Stability: Long-term + """ + createEmailAction( + "Data for creating an email action" + input: CreateEmailAction!): EmailAction! @stability(level: LongTerm) + + """ + Create an organization. Root operation. + Stability: Long-term + """ + createEmptyOrganization(name: String!, description: String, organizationId: String, subdomain: String, cid: String): Organization! @stability(level: LongTerm) + + """ + Create an event forwarding rule on a repository and return it + Stability: Long-term + """ + createEventForwardingRule( + "Data for creating an event forwarding rule" + input: CreateEventForwardingRule!): EventForwardingRule! @stability(level: LongTerm) + + """ + Create an FDR feed + Stability: Long-term + """ + createFdrFeed( + "Data for creating an FDR feed" + input: CreateFdrFeed!): FdrFeed! @stability(level: LongTerm) + + """ + Creates a schema. If another schema already exists with the same name, then this overwrites it. + Stability: Long-term + """ + createFieldAliasSchema(input: CreateFieldAliasSchemaInput!): FieldAliasSchema! @stability(level: LongTerm) + + """ + Creates a field aliasing schema from a YAML file + Stability: Preview + """ + createFieldAliasSchemaFromTemplate(input: CreateFieldAliasSchemaFromTemplateInput!): FieldAliasSchema! @stability(level: Preview) + + """ + Create a filter alert. + Stability: Long-term + """ + createFilterAlert( + "Data for creating a filter alert" + input: CreateFilterAlert!): FilterAlert! @stability(level: LongTerm) + + "Stability: Long-term" + createFleetInstallToken(name: String!, configId: String, expiresAt: Long): FleetInstallationToken! @stability(level: LongTerm) + + """ + Create a LogScale repository action. + Stability: Long-term + """ + createHumioRepoAction( + "Data for creating a LogScale repository action" + input: CreateHumioRepoAction!): HumioRepoAction! @stability(level: LongTerm) + + """ + Create a new IP filter. + Stability: Long-term + """ + createIPFilter(input: IPFilterInput!): IPFilter! @stability(level: LongTerm) + + """ + Create a new ingest listener. + Stability: Long-term + """ + createIngestListenerV3(input: CreateIngestListenerV3Input!): IngestListener! @stability(level: LongTerm) + + """ + Create a Kafka event forwarder and return it + Stability: Long-term + """ + createKafkaEventForwarder( + "Data for creating a Kafka event forwarder" + input: CreateKafkaEventForwarder!): KafkaEventForwarder! @stability(level: LongTerm) + + """ + Create a cluster connection to a local view. + Stability: Short-term + """ + createLocalClusterConnection( + "Data for creating a local multi-cluster connection" + input: CreateLocalClusterConnectionInput!): LocalClusterConnection! @stability(level: ShortTerm) + + """ + Creates a log collector configuration. + Stability: Short-term + """ + createLogCollectorConfiguration(name: String!, draft: String): LogCollectorConfiguration! @stability(level: ShortTerm) + + "Stability: Short-term" + createLogCollectorGroup(name: String!, filter: String, configIds: [String!]): LogCollectorGroup! @stability(level: ShortTerm) + + """ + Create a lookup file from a package lookup file template. + Stability: Long-term + """ + createLookupFileFromPackageTemplate( + "The name of the view the package is installed in." + viewName: RepoOrViewName!, + + "The id of the package to fetch the lookup file template from." + packageId: VersionedPackageSpecifier!, + + "The filename of the lookup file template in the package." + lookupFileTemplateName: String!, + + "The name of the new lookup file to create." + overrideName: String): FileNameAndPath! @stability(level: LongTerm) + + """ + Create an OpsGenie action. + Stability: Long-term + """ + createOpsGenieAction( + "Data for creating an OpsGenie action" + input: CreateOpsGenieAction!): OpsGenieAction! @stability(level: LongTerm) + createOrUpdateCrossOrganizationView(name: String!, limitIds: [String!]!, filter: String, repoFilters: [RepoFilterInput!]): View! @deprecated(reason: "[DEPRECATED: Should no longer be used. Use 'createCrossOrgView' instead. Will be removed at the earliest in version 1.177]") + + """ + Creates or updates an external function specification. + Stability: Preview + """ + createOrUpdateExternalFunction(input: CreateOrUpdateExternalFunctionInput!): ExternalFunctionSpecificationOutput! @stability(level: Preview) + + """ + Creates or updates a remote table configuration. + Stability: Preview + """ + createOrUpdateRemoteTableConfig(input: CreateOrUpdateRemoteTableConfigInput!): RemoteTableConfig! @stability(level: Preview) + + """ + Create a organization permissions token for organizational-level access. + Stability: Long-term + """ + createOrganizationPermissionsToken(input: CreateOrganizationPermissionTokenInput!): String! @stability(level: LongTerm) + + """ + Creates an organization permissions token with the specified permissions. + Stability: Long-term + """ + createOrganizationPermissionsTokenV2(input: CreateOrganizationPermissionsTokenV2Input!): CreateOrganizationPermissionsTokenV2Output! @stability(level: LongTerm) + + """ + Create a metric view, usage view and log view for each organization. (Root operation) + Stability: Long-term + """ + createOrganizationsViews(includeDebugView: Boolean, specificOrganization: String): Boolean! @stability(level: LongTerm) + + """ + Create a PagerDuty action. + Stability: Long-term + """ + createPagerDutyAction( + "Data for creating a PagerDuty action." + input: CreatePagerDutyAction!): PagerDutyAction! @stability(level: LongTerm) + + """ + Create a parser from a package parser template. + Stability: Long-term + """ + createParserFromPackageTemplate( + "The name of the view the package is installed in." + viewName: String!, + + "The id of the package to fetch the parser template from." + packageId: VersionedPackageSpecifier!, + + "The name of the parser template in the package." + parserTemplateName: String!, + + "The name of the new parser to create." + overrideName: String): CreateParserFromPackageTemplateMutation! @stability(level: LongTerm) + + """ + Create a parser from a yaml specification + Stability: Long-term + """ + createParserFromTemplate( + "Data for creating a parser from a yaml template" + input: CreateParserFromTemplateInput!): Parser! @stability(level: LongTerm) + + """ + Create a parser. + Stability: Long-term + """ + createParserV2(input: CreateParserInputV2!): Parser! @stability(level: LongTerm) + + """ + Create a personal user token for the user. It will inherit the same permissions as the user. + Stability: Long-term + """ + createPersonalUserToken(input: CreatePersonalUserTokenInput!): String! @stability(level: LongTerm) + + """ + Create a personal user token for the user. It will inherit the same permissions as the user. + Stability: Long-term + """ + createPersonalUserTokenV2(input: CreatePersonalUserTokenV2Input!): CreatePersonalUserTokenV2Output! @stability(level: LongTerm) + + """ + Create a new sharable link to a dashboard. + Stability: Long-term + """ + createReadonlyToken( + "Dashboard id" + id: String!, name: String!, ipFilterId: String, + + "Ownership of the queries run by this shared dashboard. If value is User, ownership wil be based the calling user" + queryOwnershipType: QueryOwnershipType = User): DashboardLink! @stability(level: LongTerm) + + """ + Create a cluster connection to a remote view. + Stability: Short-term + """ + createRemoteClusterConnection( + "Data for creating a remote cluster connection" + input: CreateRemoteClusterConnectionInput!): RemoteClusterConnection! @stability(level: ShortTerm) + + """ + Create a new repository. + Stability: Short-term + """ + createRepository(name: String!, description: String, retentionInMillis: Long, retentionInIngestSizeBytes: Long, retentionInStorageSizeBytes: Long, organizationId: String, type: RepositoryType, repositoryId: String, dataType: RepositoryDataType, + + "The limit the repository should be attached to, only a cloud feature. If not specified a default will be found and used" + limitId: String): CreateRepositoryMutation! @stability(level: ShortTerm) + + """ + Adds a role. Only usable if roles are not managed externally, e.g. in LDAP. + Stability: Long-term + """ + createRole(input: AddRoleInput!): AddRoleMutation! @stability(level: LongTerm) + + """ + Create an S3 action. + Stability: Long-term + """ + createS3Action( + "Data for creating an S3 action." + input: CreateS3Action!): S3Action! @stability(level: LongTerm) + + """ + Create a saved query. + Stability: Long-term + """ + createSavedQuery(input: CreateSavedQueryInput!): CreateSavedQueryPayload! @stability(level: LongTerm) + + """ + Create a saved query from a package saved query template. + Stability: Long-term + """ + createSavedQueryFromPackageTemplate( + "The name of the view the package is installed in." + viewName: String!, + + "The id of the package to fetch the saved query template from." + packageId: VersionedPackageSpecifier!, + + "The name of the saved query template in the package." + savedQueryTemplateName: String!, + + "The name of the new saved query to create." + overrideName: String): CreateSavedQueryFromPackageTemplateMutation! @stability(level: LongTerm) + + """ + Create a saved query from a YAML template. + Stability: Preview + """ + createSavedQueryFromTemplate( + "Data for creating a saved query from a yaml template." + input: CreateSavedQueryFromTemplateInput!): SavedQuery! @stability(level: Preview) + + """ + Create a scheduled report. + Stability: Long-term + """ + createScheduledReport( + "Data for creating a scheduled report." + input: CreateScheduledReportInput!): ScheduledReport! @stability(level: LongTerm) + + "Create a scheduled search." + createScheduledSearch( + "Data for creating a scheduled search" + input: CreateScheduledSearch!): ScheduledSearch! @deprecated(reason: "[DEPRECATED: Does not support scheduled searches on @ingesttimestamp. Use 'createScheduledSearchV2' instead. Will be removed at the earliest in version 1.237]") + + """ + Create a scheduled search. + Stability: Long-term + """ + createScheduledSearchV2( + "Data for creating a scheduled search" + input: CreateScheduledSearchV2!): ScheduledSearch! @stability(level: LongTerm) + + """ + Create a search link interaction. + Stability: Long-term + """ + createSearchLinkInteraction(input: CreateSearchLinkInteractionInput!): InteractionId! @stability(level: LongTerm) + + """ + Create a Slack action. + Stability: Long-term + """ + createSlackAction( + "Data for creating a Slack action." + input: CreateSlackAction!): SlackAction! @stability(level: LongTerm) + + """ + Create a post message Slack action. + Stability: Long-term + """ + createSlackPostMessageAction( + "Data for creating a post message Slack action." + input: CreatePostMessageSlackAction!): SlackPostMessageAction! @stability(level: LongTerm) + + """ + Create a system permissions token for system-level access. + Stability: Long-term + """ + createSystemPermissionsToken(input: CreateSystemPermissionTokenInput!): String! @stability(level: LongTerm) + + """ + Creates a system permissions token with the specified permissions. + Stability: Long-term + """ + createSystemPermissionsTokenV2(input: CreateSystemPermissionTokenV2Input!): CreateSystemPermissionsTokenV2Output! @stability(level: LongTerm) + + """ + Create an upload file action. + Stability: Long-term + """ + createUploadFileAction( + "Data for creating an upload file action." + input: CreateUploadFileAction!): UploadFileAction! @stability(level: LongTerm) + + """ + Create a VictorOps action. + Stability: Long-term + """ + createVictorOpsAction( + "Data for creating a VictorOps action." + input: CreateVictorOpsAction!): VictorOpsAction! @stability(level: LongTerm) + + """ + Create a new view. + Stability: Long-term + """ + createView(name: String!, description: String, connections: [ViewConnectionInput!], federatedViews: [String!], isFederated: Boolean): View! @stability(level: LongTerm) + + """ + Create a view permission token. The permissions will take effect across all the views. + Stability: Long-term + """ + createViewPermissionsToken(input: CreateViewPermissionsTokenInput!): String! @stability(level: LongTerm) + + """ + Creates a view permissions token with the specified permissions on the views specified in the 'viewIds' field. + Stability: Long-term + """ + createViewPermissionsTokenV2(input: CreateViewPermissionsTokenV2Input!): CreateViewPermissionsTokenV2Output! @stability(level: LongTerm) + + """ + Create a webhook action. + Stability: Long-term + """ + createWebhookAction( + "Data for creating a webhook action." + input: CreateWebhookAction!): WebhookAction! @stability(level: LongTerm) + + "Delete an action." + deleteAction( + "Data for deleting an action." + input: DeleteAction!): Boolean! @deprecated(reason: "[DEPRECATED: There is now an updated V2 version of this mutation. Use 'deleteActionV2' instead. Will be removed at the earliest in version 1.267]") + + """ + Delete an action. Will return true if successful, false if the scheduled search does not exist, and null with errors for other failures. + Stability: Long-term + """ + deleteActionV2( + "Data for deleting an action." + input: DeleteActionV2!): Boolean @stability(level: LongTerm) + + "Delete an aggregate alert." + deleteAggregateAlert( + "Data for deleting an aggregate alert." + input: DeleteAggregateAlert!): Boolean! @deprecated(reason: "[DEPRECATED: There is now an updated V2 version of this mutation. Use 'deleteAggregateAlertV2' instead. Will be removed at the earliest in version 1.267]") + + """ + Delete an aggregate alert. Will return true if successful, false if the aggregate alert does not exist, and null with errors for other failures. + Stability: Long-term + """ + deleteAggregateAlertV2( + "Data for deleting an aggregate alert." + input: DeleteAggregateAlert!): Boolean @stability(level: LongTerm) + + "Delete an alert." + deleteAlert( + "Data for deleting an alert" + input: DeleteAlert!): Boolean! @deprecated(reason: "[DEPRECATED: There is now an updated version of this mutation. Use 'deleteLegacyAlert' instead. Will be removed at the earliest in version 1.267]") + + """ + Delete a cluster connection from a view. + Stability: Short-term + """ + deleteClusterConnection( + "Data for deleting a cluster connection" + input: DeleteClusterConnectionInput!): Boolean! @stability(level: ShortTerm) + + "Delete a dashboard." + deleteDashboard(input: DeleteDashboardInput!): DeleteDashboardMutation! @deprecated(reason: "[DEPRECATED: Does not properly support batching operations. Use 'deleteDashboardV3' instead. Will be removed at the earliest in version 1.261]") + + "Delete a dashboard by looking up the view with the given viewId and then the dashboard in the view with the given dashboardId." + deleteDashboardV2(input: DeleteDashboardInputV2!): SearchDomain! @deprecated(reason: "[DEPRECATED: Does not properly support batching operations. Use 'deleteDashboardV3' instead. Will be removed at the earliest in version 1.261]") + + """ + Delete dashboard. Returns true if the dashboard was successfully deleted, and false if it could not be found. + Stability: Long-term + """ + deleteDashboardV3( + "Data for deleting a dashboard." + input: DeleteDashboard!): Boolean @stability(level: LongTerm) + + """ + Delete an event forwarder + Stability: Long-term + """ + deleteEventForwarder( + "Data for deleting an event forwarder" + input: DeleteEventForwarderInput!): Boolean! @stability(level: LongTerm) + + """ + Delete an event forwarding rule on a repository + Stability: Long-term + """ + deleteEventForwardingRule( + "Data for deleting an event forwarding rule" + input: DeleteEventForwardingRule!): Boolean! @stability(level: LongTerm) + + """ + Deletes a given external function specification. + Stability: Preview + """ + deleteExternalFunction(input: deleteExternalFunctionInput!): Boolean! @stability(level: Preview) + + """ + Delete an FDR feed + Stability: Long-term + """ + deleteFdrFeed( + "Data for deleting an FDR feed" + input: DeleteFdrFeed!): Boolean! @stability(level: LongTerm) + + """ + Delete a feature flag. + Stability: Short-term + """ + deleteFeatureFlag(feature: String!): Boolean! @stability(level: ShortTerm) + + """ + Deletes an alias mapping. + Stability: Long-term + """ + deleteFieldAliasSchema(input: DeleteFieldAliasSchema!): Boolean! @stability(level: LongTerm) + + """ + Delete a file. Will return true if successful, false if the file does not exist, and null with errors for other failures. + Stability: Long-term + """ + deleteFile(fileName: String!, name: String!): Boolean @stability(level: LongTerm) + + "Delete a filter alert." + deleteFilterAlert( + "Data for deleting a filter alert" + input: DeleteFilterAlert!): Boolean! @deprecated(reason: "[DEPRECATED: There is now an updated V2 version of this mutation. Use 'deleteFilterAlertV2' instead. Will be removed at the earliest in version 1.267]") + + """ + Delete a filter alert. Will return true if successful, false if the filter alert does not exist, and null with errors for other failures. + Stability: Long-term + """ + deleteFilterAlertV2( + "Data for deleting a filter alert" + input: DeleteFilterAlert!): Boolean @stability(level: LongTerm) + + "Stability: Long-term" + deleteFleetInstallToken(token: String!): Boolean! @stability(level: LongTerm) + + """ + Delete IP filter. + Stability: Long-term + """ + deleteIPFilter(input: IPFilterIdInput!): Boolean! @stability(level: LongTerm) + + """ + For deleting an identity provider. Root operation. + Stability: Long-term + """ + deleteIdentityProvider(id: String!): Boolean! @stability(level: LongTerm) + + """ + Delete an ingest feed + Stability: Long-term + """ + deleteIngestFeed( + "Data for deleting an ingest feed" + input: DeleteIngestFeed!): Boolean! @stability(level: LongTerm) + + """ + Delete an ingest listener. + Stability: Long-term + """ + deleteIngestListener(id: String!): BooleanResultType! @stability(level: LongTerm) + + "Delete an interaction." + deleteInteraction( + "Data for deleting an interaction." + input: DeleteInteractionInput!): Boolean! @deprecated(reason: "[DEPRECATED: There is now an updated V2 version of this mutation. Use 'deleteInteractionV2' instead. Will be removed at the earliest in version 1.267]") + + """ + Delete an interaction. Will return true if successful, false if the interaction does not exist, and null with errors for other failures. + Stability: Long-term + """ + deleteInteractionV2( + "Data for deleting an interaction." + input: DeleteInteractionInput!): Boolean @stability(level: LongTerm) + + """ + Delete a legacy alert. Will return true if successful, false if the legacy alert does not exist, and null with errors for other failures. + Stability: Long-term + """ + deleteLegacyAlert( + "Data for deleting an alert" + input: DeleteAlertV2!): Boolean @stability(level: LongTerm) + + "Stability: Long-term" + deleteLogCollectorConfiguration(configId: String!, versionId: Int!): Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + deleteLogCollectorGroup(id: String!): Boolean! @stability(level: LongTerm) + + "Stability: Preview" + deleteLostCollectors(dryRun: Boolean! = true, days: Int!): Int! @stability(level: Preview) + + """ + Delete notification from the system. Requires root. + Stability: Long-term + """ + deleteNotification(notificationId: String!): Boolean! @stability(level: LongTerm) + + "Delete a parser." + deleteParser(input: DeleteParserInput!): BooleanResultType! @deprecated(reason: "[DEPRECATED: There is now an updated V2 version of this mutation. Use 'deleteParserV2' instead. Will be removed at the earliest in version 1.267]") + + """ + Delete a parser. Will return true if successful, false if the parser does not exist, and null with errors for other failures. + Stability: Long-term + """ + deleteParserV2( + "Data for deleting a parser." + input: DeleteParserInput!): Boolean @stability(level: LongTerm) + + """ + Remove a shared link to a dashboard. + Stability: Long-term + """ + deleteReadonlyToken(id: String!, token: String!): BooleanResultType! @stability(level: LongTerm) + + """ + Deletes a given remote table config. The return value is not relevant. It will always return true, if the operation completed successfully, and return a non-200 response, if the operation failed + Stability: Preview + """ + deleteRemoteTableConfig(input: DeleteRemoteTableConfigInput!): Boolean! @stability(level: Preview) + + "Deletes a saved query." + deleteSavedQuery(input: DeleteSavedQueryInput!): BooleanResultType! @deprecated(reason: "[DEPRECATED: There is now an updated V2 version of this mutation. Use 'deleteSavedQueryV2' instead. Will be removed at the earliest in version 1.267]") + + """ + Delete a saved query. Will return true if successful, false if the saved query does not exist, and null with errors for other failures. + Stability: Long-term + """ + deleteSavedQueryV2( + "Data for deleting a saved query." + input: DeleteSavedQuery!): Boolean @stability(level: LongTerm) + + """ + Delete a scheduled report. + Stability: Long-term + """ + deleteScheduledReport(input: DeleteScheduledReportInput!): Boolean! @stability(level: LongTerm) + + "Delete a scheduled search." + deleteScheduledSearch( + "Data for deleting a scheduled search" + input: DeleteScheduledSearch!): Boolean! @deprecated(reason: "[DEPRECATED: Creating an updated v2 mutation. Use 'deleteScheduledSearchV2' instead. Will be removed at the earliest in version 1.267]") + + """ + Delete a scheduled search. Will return true if successful, false if the scheduled search does not exist, and null with errors for other failures. + Stability: Long-term + """ + deleteScheduledSearchV2( + "Data for deleting a scheduled search" + input: DeleteScheduledSearchV2!): Boolean @stability(level: LongTerm) + + """ + Delete a repository or view. + Stability: Long-term + """ + deleteSearchDomain(name: String!, deleteMessage: String): BooleanResultType! @stability(level: LongTerm) + + """ + Delete a repository or view. + Stability: Long-term + """ + deleteSearchDomainById(input: DeleteSearchDomainByIdInput!): Boolean! @stability(level: LongTerm) + + """ + Delete a token + Stability: Long-term + """ + deleteToken(input: InputData!): Boolean! @stability(level: LongTerm) + + "Disable an aggregate alert." + disableAggregateAlert( + "Data for disabling an aggregate alert." + input: DisableAggregateAlert!): Boolean! @deprecated(reason: "[DEPRECATED: Use 'disableAggregateAlertV2' instead. Will be removed at the earliest in version 1.273]") + + """ + Disable an aggregate alert. + Stability: Long-term + """ + disableAggregateAlertV2( + "Data for disabling an aggregate alert." + input: DisableAggregateAlert!): AggregateAlert @stability(level: LongTerm) + + "Disable an alert." + disableAlert( + "Data for disabling a legacy alert" + input: DisableAlert!): Boolean! @deprecated(reason: "[DEPRECATED: Use 'disableLegacyAlert' instead. Will be removed at the earliest in version 1.273]") + + """ + Disables the archiving job for the repository. + Stability: Short-term + """ + disableArchiving(repositoryName: String!): BooleanResultType! @stability(level: ShortTerm) + + """ + Removes demo view. + Stability: Short-term + """ + disableDemoDataForUser: Boolean! @stability(level: ShortTerm) + + """ + Disables an event forwarder + Stability: Long-term + """ + disableEventForwarder( + "Data for disabling an event forwarder" + input: DisableEventForwarderInput!): Boolean! @stability(level: LongTerm) + + """ + Disable a feature. + Stability: Short-term + """ + disableFeature(feature: FeatureFlag!): Boolean! @stability(level: ShortTerm) + + """ + Disable a feature for a specific organization. + Stability: Short-term + """ + disableFeatureForOrg(orgId: String!, feature: FeatureFlag!): Boolean! @stability(level: ShortTerm) + + """ + Disable a feature for a specific user. + Stability: Short-term + """ + disableFeatureForUser(feature: FeatureFlag!, userId: String!): Boolean! @stability(level: ShortTerm) + + """ + Disables the schema on this organization. + Stability: Long-term + """ + disableFieldAliasSchemaOnOrg(input: DisableFieldAliasSchemaOnOrgInput!): Boolean! @stability(level: LongTerm) + + """ + Disables the schema on the given view or repository. + Stability: Long-term + """ + disableFieldAliasSchemaOnView(input: DisableFieldAliasSchemaOnViewInput!): Boolean! @stability(level: LongTerm) + + """ + Disables the schema on the given views or repositories. + Stability: Preview + """ + disableFieldAliasSchemaOnViews(input: DisableFieldAliasSchemaOnViewsInput!): Boolean! @stability(level: Preview) + + "Disable a filter alert." + disableFilterAlert( + "Data for disabling a filter alert" + input: DisableFilterAlert!): Boolean! @deprecated(reason: "[DEPRECATED: Use 'disableFilterAlertV2' instead. Will be removed at the earliest in version 1.273]") + + """ + Disable a filter alert. + Stability: Long-term + """ + disableFilterAlertV2( + "Data for disabling a filter alert" + input: DisableFilterAlert!): FilterAlert @stability(level: LongTerm) + + """ + Disable a legacy alert. + Stability: Long-term + """ + disableLegacyAlert( + "Data for disabling a legacy alert" + input: DisableAlert!): Alert @stability(level: LongTerm) + + "Stability: Short-term" + disableLogCollectorDebugLogging: Boolean! @stability(level: ShortTerm) + + "Stability: Short-term" + disableLogCollectorInstanceDebugLogging(id: String!): Boolean! @stability(level: ShortTerm) + + """ + Disable access to IOCs (indicators of compromise) for an organization. (Requires Organization Manager Permission) + Stability: Short-term + """ + disableOrganizationIocAccess( + "Data for disabling access to IOCs (indicators of compromise) for an organization" + input: DisableOrganizationIocAccess!): Organization! @stability(level: ShortTerm) + + """ + Disable a scheduled report. + Stability: Long-term + """ + disableScheduledReport(input: DisableScheduledReportInput!): Boolean! @stability(level: LongTerm) + + "Disable execution of a scheduled search." + disableScheduledSearch( + "Data for disabling a scheduled search" + input: DisableStarScheduledSearch!): ScheduledSearch! @deprecated(reason: "[DEPRECATED: Use 'disableScheduledSearchV2' instead. Will be removed at the earliest in version 1.273]") + + """ + Disable execution of a scheduled search + Stability: Long-term + """ + disableScheduledSearchV2( + "Data for disabling a scheduled search" + input: DisableScheduledSearch!): ScheduledSearch @stability(level: LongTerm) + + """ + Disable query tracing on worker nodes for queries with the given quota key + Stability: Preview + """ + disableWorkerQueryTracing( + "The quota key to disable tracing for" + quotaKey: String!): Boolean! @stability(level: Preview) + + """ + Dismiss notification for specific user, if allowed by notification type. + Stability: Long-term + """ + dismissNotification(notificationId: String!): Boolean! @stability(level: LongTerm) + + "Enable an aggregate alert." + enableAggregateAlert( + "Data for enabling an aggregate alert." + input: EnableAggregateAlert!): Boolean! @deprecated(reason: "[DEPRECATED: Use 'enableAggregateAlertV2' instead. Will be removed at the earliest in version 1.273]") + + """ + Enable an aggregate alert. + Stability: Long-term + """ + enableAggregateAlertV2( + "Data for enabling an aggregate alert." + input: EnableAggregateAlert!): AggregateAlert @stability(level: LongTerm) + + "Enable an alert." + enableAlert( + "Data for enabling a legacy alert" + input: EnableAlert!): Boolean! @deprecated(reason: "[DEPRECATED: Use 'enableLegacyAlert' instead. Will be removed at the earliest in version 1.273]") + + """ + Enables the archiving job for the repository. + Stability: Short-term + """ + enableArchiving(repositoryName: String!): BooleanResultType! @stability(level: ShortTerm) + + """ + Gets or create a new demo data view. + Stability: Short-term + """ + enableDemoDataForUser(demoDataType: String!): View! @stability(level: ShortTerm) + + """ + Enables an event forwarder + Stability: Long-term + """ + enableEventForwarder( + "Data for enabling an event forwarder" + input: EnableEventForwarderInput!): Boolean! @stability(level: LongTerm) + + """ + Enable a feature. + Stability: Short-term + """ + enableFeature(feature: FeatureFlag!, + + "Enable feature flag regardless of verification result" + skipVerification: Boolean): Boolean! @stability(level: ShortTerm) + + """ + Enable a feature for a specific organization. + Stability: Short-term + """ + enableFeatureForOrg(orgId: String!, feature: FeatureFlag!, + + "Enable feature flag regardless of verification result" + skipVerification: Boolean): Boolean! @stability(level: ShortTerm) + + """ + Enable a feature for a specific user. + Stability: Short-term + """ + enableFeatureForUser(feature: FeatureFlag!, userId: String!, + + "Enable feature flag regardless of verification result" + skipVerification: Boolean): Boolean! @stability(level: ShortTerm) + + """ + Enables the schema on this organization. Field alias mappings in this schema will be active during search across all views and repositories within this org. + Stability: Long-term + """ + enableFieldAliasSchemaOnOrg(input: EnableFieldAliasSchemaOnOrgInput!): Boolean! @stability(level: LongTerm) + + """ + Enables the schema on the given list of views or repositories. + Field alias mappings in this schema will be active during search within this view or repository. + If at least one view fails to be enabled on the given view, then no changes are performed on any of the views. + Stability: Long-term + """ + enableFieldAliasSchemaOnViews(input: EnableFieldAliasSchemaOnViewsInput!): Boolean! @stability(level: LongTerm) + + "Enable a filter alert." + enableFilterAlert( + "Data for enabling a filter alert" + input: EnableFilterAlert!): Boolean! @deprecated(reason: "[DEPRECATED: Use 'enableFilterAlertV2' instead. Will be removed at the earliest in version 1.273]") + + """ + Enable a filter alert. + Stability: Long-term + """ + enableFilterAlertV2( + "Data for enabling a filter alert" + input: EnableFilterAlert!): FilterAlert @stability(level: LongTerm) + + """ + Enable a legacy alert. + Stability: Long-term + """ + enableLegacyAlert( + "Data for enabling a legacy alert" + input: EnableAlert!): Alert @stability(level: LongTerm) + + "Stability: Short-term" + enableLogCollectorDebugLogging(url: String, token: String!, level: String!, repository: String): Boolean! @stability(level: ShortTerm) + + "Stability: Short-term" + enableLogCollectorInstanceDebugLogging(id: String!, url: String, token: String!, level: String!, repositoryName: String): Boolean! @stability(level: ShortTerm) + + """ + Enable access to IOCs (indicators of compromise) for an organization. (Requires Organization Manager Permission). + Stability: Short-term + """ + enableOrganizationIocAccess( + "Data for enabling access to IOCs (indicators of compromise) for an organization" + input: EnableOrganizationIocAccess!): Organization! @stability(level: ShortTerm) + + """ + Enable a scheduled report. + Stability: Long-term + """ + enableScheduledReport(input: EnableScheduledReportInput!): Boolean! @stability(level: LongTerm) + + "Enable execution of a scheduled search." + enableScheduledSearch( + "Data for enabling a scheduled search" + input: EnableStarScheduledSearch!): ScheduledSearch! @deprecated(reason: "[DEPRECATED: Use 'enableScheduledSearchV2' instead. Will be removed at the earliest in version 1.273]") + + """ + Enable execution of a scheduled search. + Stability: Long-term + """ + enableScheduledSearchV2( + "Data for enabling a scheduled search" + input: EnableScheduledSearch!): ScheduledSearch @stability(level: LongTerm) + + """ + Enable query tracing on worker nodes for queries with the given quota key + Stability: Preview + """ + enableWorkerQueryTracing(input: EnableWorkerQueryTracingInputType!): Boolean! @stability(level: Preview) + + """ + Extend a Cloud Trial. (Requires Root Permissions) + Stability: Short-term + """ + extendCloudTrial(organizationId: String!, days: Int!): Boolean! @stability(level: ShortTerm) + + """ + Set the primary bucket target for the organization. + Stability: Long-term + """ + findOrCreateBucketStorageEntity(organizationId: String!): Int! @stability(level: LongTerm) + + """ + Configures GCS archiving for a repository. E.g. bucket. + Stability: Preview + """ + gcsConfigureArchiving(repositoryName: String!, bucket: String!, format: ArchivingFormat!, tagOrderInName: [String!], startFromDateTime: DateTime, endAtDateTime: DateTime): BooleanResultType! @stability(level: Preview) + + """ + Installs a package in a specific view. + Stability: Long-term + """ + installPackageFromRegistryV2(InstallPackageFromRegistryInput: InstallPackageFromRegistryInput!): InstallPackageFromRegistryResult! @stability(level: LongTerm) + + """ + Installs a package from file provided in multipart/form-data (name=file) in a specific view. + Stability: Long-term + """ + installPackageFromZip( + "The name of the view the package is installed in." + viewName: String!, + + "Overwrite existing installed package" + overwrite: Boolean, + + "Ownership of the queries run by the triggers (e.g. alerts and scheduled searches) that are installed as part of this package. If value is User, ownership will be based on the calling user." + queryOwnershipType: QueryOwnershipType = User): InstallPackageFromZipResult! @stability(level: LongTerm) + + "\nStability: Short-term" + killQuery(viewName: String!, pattern: String!): BooleanResultType! @stability(level: ShortTerm) + + """ + Enable a or disable language restrictions for specified version. + Stability: Preview + """ + languageRestrictionsEnable(input: EnabledInput!): Boolean! @stability(level: Preview) + + "Stability: Preview" + linkChildOrganization(childId: String!): OrganizationLink! @stability(level: Preview) + + """ + Log UI Action. + Stability: Short-term + """ + logAnalytics(input: AnalyticsLog!): Boolean! @stability(level: ShortTerm) + + """ + Log UI Action. + Stability: Preview + """ + logAnalyticsBatch(input: [AnalyticsLogWithTimestamp!]!): Boolean! @stability(level: Preview) + + """ + Logs a service level indicator to the humio repo with #kind=frontend. + Stability: Preview + """ + logFrontendServiceLevelIndicators(input: [ServiceLevelIndicatorLogArg!]!): Boolean! @stability(level: Preview) + + """ + Logs out of a users session. + Stability: Long-term + """ + logoutOfSession: Boolean! @stability(level: LongTerm) + + "Set a limits deleted mark" + markLimitDeleted(input: MarkLimitDeletedInput!): Boolean! @deprecated(reason: "[DEPRECATED: This mutation is deprecated and will be removed in the future. Will be removed at the earliest in version 1.228]") + + """ + Migrate all organizations to the new Limits model (requires root). + Stability: Long-term + """ + migrateToNewLimits(input: MigrateLimitsInput!): Boolean! @stability(level: LongTerm) + + """ + For setting up a new Azure AD OIDC idp. Root operation. + Stability: Long-term + """ + newAzureAdOidcIdentityProvider(name: String!, tenantId: String!, clientID: String!, clientSecret: String!, domains: [String!]!, enableDebug: Boolean = false, scopeClaim: String): OidcIdentityProvider! @stability(level: LongTerm) + + """ + Create new file + Stability: Long-term + """ + newFile(fileName: String!, name: String!, labels: [String!]): UploadedFileSnapshot! @stability(level: LongTerm) + + """ + For setting up a new OIDC idp. Root operation. + Stability: Long-term + """ + newOIDCIdentityProvider(input: OidcConfigurationInput!): OidcIdentityProvider! @stability(level: LongTerm) + + "Stability: Long-term" + newSamlIdentityProvider( + "Optional specify the ID externally (root only)" + id: String, name: String!, signOnUrl: String!, idpCertificateInBase64: String, idpEntityId: String!, domains: [String!]!, groupMembershipAttribute: String, userAttribute: String, enableDebug: Boolean = false, + + "Only used internal" + adminAttribute: String, + + "Only used internal" + adminAttributeMatch: String, + + "If multiple Idp's are defined the default idp is used whenever redirecting to login" + defaultIdp: Boolean, + + "Only used internal" + humioOwned: Boolean, + + "Lazy create users during login" + lazyCreateUsers: Boolean, + + "An alternative certificate to be used for IdP signature validation. Useful for handling certificate rollover" + alternativeIdpCertificateInBase64: String, + + "The SAML metadata endpoint to fetch IdP signing certificate from" + metadataEndpointUrl: String): SamlIdentityProvider! @stability(level: LongTerm) + + """ + Create notification. Required permissions depends on targets. + Examples: + mutation{notify(Target:Group, ids: ["GroupId1", "GroupId2"],...)} #Notify users in group1 and group2 + mutation{notify(Target:OrgRoot, ids: ["OrgId1", "OrgId2"],...)} # Notify org roots in org1 and org2 + mutation{notify(Target:Root,...)} #Notify all root users + mutation{notify(Target:All,...)} # Notify all users + mutation{notify(Target:All,["UserId1", "UserId2", "UserId3"],...)} #Notify user 1, 2 & 3 + + Stability: Long-term + """ + notify(input: NotificationInput!): Notification! @stability(level: LongTerm) + + "Override whether feature should be rolled out." + overrideRolledOutFeatureFlag(feature: FeatureFlag!, rollOut: Boolean!): Boolean! @deprecated(reason: "[DEPRECATED: Use the enableFeature/disableFeature mutations instead. Use 'Use the enableFeature/disableFeature mutations instead' instead. Will be removed at the earliest in version 1.189]") + + """ + Proxy mutation through a specific organization. Root operation. + Stability: Long-term + """ + proxyOrganization(organizationId: String!): Organization! @stability(level: LongTerm) + + """ + Updates a log collector configuration. + Stability: Short-term + """ + publishLogCollectorConfiguration(id: String!, yaml: String, currentVersion: Int!): LogCollectorConfiguration! @stability(level: ShortTerm) + + """ + Recover the organization with the given id. + Stability: Short-term + """ + recoverOrganization(organizationId: String!): Organization! @stability(level: ShortTerm) + + """ + Redact events matching a certain query within a certain time interval. Returns the id of the submitted redaction task + Stability: Long-term + """ + redactEvents(input: RedactEventsInputType!): String! @stability(level: LongTerm) + + """ + Update the query asset lookup view for a view. When set, asset lookups (saved queries, lookup files, field aliasing) will exclusively use the alternative view instead of the current view. To clear the reference, leave out the alternativeViewName field or set it to null. + Stability: Preview + """ + redirectQueryAssetLookupTo( + "Data for updating the query asset lookup view for a view." + input: RedirectQueryAssetLookupTo!): SearchDomain! @stability(level: Preview) + + """ + Force a refresh of the ClusterManagementStats cache and return reasonsNodeCannotBeSafelyUnregistered for the specified node. + Stability: Preview + """ + refreshClusterManagementStats( + "Id of the node for which refreshed data must be retrieved." + nodeId: Int!): RefreshClusterManagementStatsMutation! @stability(level: Preview) + + """ + Refresh the list of regions + Stability: Short-term + """ + refreshRegions: Boolean! @stability(level: ShortTerm) + + """ + Remove labels from an action, at most 100 at a time. Returns the updated action if successfully updated or null with errors if unsuccessful. + Stability: Long-term + """ + removeActionLabels( + "Data for removing labels from an action." + input: RemoveActionLabels!): Action @stability(level: LongTerm) + + "Remove a label from an aggregate alert." + removeAggregateAlertLabel( + "Data for removing a label to an aggregate alert." + input: RemoveAggregateAlertLabel!): Boolean! @deprecated(reason: "[DEPRECATED: Added a new version which supports removing a list of labels instead of just one. Use 'removeAggregateAlertLabels' instead. Will be removed at the earliest in version 1.273]") + + """ + Remove labels from an aggregate alert, at most 100 at a time. Will return the updated aggregate alert if successfully updated and null with errors if unsuccessful. + Stability: Long-term + """ + removeAggregateAlertLabels( + "Data for removing labels from an aggregate alert." + input: RemoveAggregateAlertLabels!): AggregateAlert @stability(level: LongTerm) + + "Remove a label from an alert." + removeAlertLabelV2( + "Data for removing a label from an alert" + input: RemoveAlertLabel!): Alert! @deprecated(reason: "[DEPRECATED: Added a new version which supports removing a list of labels instead of just one. Use 'removeLegacyAlertLabels' instead. Will be removed at the earliest in version 1.273]") + + "Stability: Preview" + removeCrossOrgViewConnections(input: RemoveCrossOrgViewConnectionsInput!): View! @stability(level: Preview) + + """ + Remove a filter from a dashboard's list of filters. + Stability: Long-term + """ + removeDashboardFilter(id: String!, filterId: String!): Dashboard! @stability(level: LongTerm) + + "Remove a label from a dashboard." + removeDashboardLabel(id: String!, label: String!): Dashboard! @deprecated(reason: "[DEPRECATED: Added a new version which supports removing a list of labels instead of just one. Use 'removeDashboardLabels' instead. Will be removed at the earliest in version 1.273]") + + """ + Remove labels from a dashboard, at most 100 at a time. Will return the updated dashboard if successful or null with errors if unsuccessful. + Stability: Long-term + """ + removeDashboardLabels( + "Data for removing labels from a dashboard." + input: RemoveDashboardLabels!): Dashboard @stability(level: LongTerm) + + """ + Gets or create a new demo data view. + Stability: Short-term + """ + removeDemoDataRepository(demoDataType: String!): Boolean! @stability(level: ShortTerm) + + """ + Removes a field alias mapping to an existing schema. + Stability: Long-term + """ + removeFieldAliasMapping(input: RemoveAliasMappingInput!): Boolean! @stability(level: LongTerm) + + "Remove file" + removeFile(fileName: String!, name: String!): BooleanResultType! @deprecated(reason: "[DEPRECATED: There is now an updated version of this mutation. Use 'deleteFile' instead. Will be removed at the earliest in version 1.267]") + + """ + Remove labels from a file, at most 100 at a time. Will return the updated file if successful and null with errors if the removal did not succeed. + Stability: Long-term + """ + removeFileLabels( + "Input type for removing labels from a file." + input: RemoveFileLabels!): File @stability(level: LongTerm) + + "Remove a label from a filter alert." + removeFilterAlertLabel( + "Data for removing a label from a filter alert." + input: RemoveFilterAlertLabel!): Boolean! @deprecated(reason: "[DEPRECATED: Added a new version which supports removing a list of labels instead of just one. Use 'removeFilterAlertLabels' instead. Will be removed at the earliest in version 1.273]") + + """ + Remove labels from a filter alert, at most 100 at a time. Will the updated filter alert if successfully updated and null with errors if unsuccessful. + Stability: Long-term + """ + removeFilterAlertLabels( + "Data for removing labels from a filter alert." + input: RemoveFilterAlertLabels!): FilterAlert @stability(level: LongTerm) + + """ + Remove an item on the query blocklist. + Stability: Long-term + """ + removeFromBlocklist( + "Data for removing a blocklist entry" + input: RemoveFromBlocklistInput!): Boolean! @stability(level: LongTerm) + + "Stability: Short-term" + removeFromLogCollectorConfigurationTest(configId: String!, collectorIds: [String!]!): FleetConfigurationTest! @stability(level: ShortTerm) + + """ + Disable functions for use with specified language version. + Stability: Preview + """ + removeFunctionsFromAllowList(input: FunctionListInput!): Boolean! @stability(level: Preview) + + """ + Removes the global default cache policy + Stability: Preview + """ + removeGlobalDefaultCachePolicy: Boolean! @stability(level: Preview) + + """ + Removes a group. Only usable if roles are not managed externally, e.g. in LDAP. + Stability: Long-term + """ + removeGroup(groupId: String!): RemoveGroupMutation! @stability(level: LongTerm) + + """ + Remove an Ingest Token. + Stability: Long-term + """ + removeIngestToken( + "The name of the repository to remove the ingest token from." + repositoryName: String!, + + "The name of the token to delete." + name: String!): BooleanResultType! @stability(level: LongTerm) + + """ + Remove labels from a legacy alert, at most 100 at a time. Will return the updated legacy alert if successfully updated and null with errors if unsuccessful. + Stability: Long-term + """ + removeLegacyAlertLabels( + "Data for removing labels from a legacy alert" + input: RemoveLegacyAlertLabels!): Alert @stability(level: LongTerm) + + "Remove a limit in the given organization" + removeLimit(input: RemoveLimitInput!): Boolean! @deprecated(reason: "[DEPRECATED: This mutation is deprecated and will be removed in the future. Use 'removeLimitWithId' instead. Will be removed at the earliest in version 1.228]") + + """ + Remove a limit with id in the given organization + Stability: Short-term + """ + removeLimitWithId(limitId: String!): Boolean! @stability(level: ShortTerm) + + "Stability: Long-term" + removeLoginBridge: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + removeLoginBridgeAllowedUsers(userID: String!): LoginBridge! @stability(level: LongTerm) + + """ + Removes the default cache policy of the current organization. + Stability: Preview + """ + removeOrgDefaultCachePolicy: Boolean! @stability(level: Preview) + + """ + Remove the organization with the given id (needs to be the same organization ID as the requesting user is in). + Stability: Short-term + """ + removeOrganization(organizationId: String!): Boolean! @stability(level: ShortTerm) + + """ + Remove the bucket config for the organization. + Stability: Long-term + """ + removeOrganizationBucketConfig: Organization! @stability(level: LongTerm) + + """ + Cancel transfer of segments and files under an organization to be moved to its respective bucket. + Stability: Long-term + """ + removeOrganizationForBucketTransfer: Boolean! @stability(level: LongTerm) + + "Stability: Short-term" + removeQueryQuotaDefaultSettings: Boolean! @stability(level: ShortTerm) + + "Stability: Short-term" + removeQueryQuotaUserSettings(username: String!): Boolean! @stability(level: ShortTerm) + + """ + Removes the cache policy of a repository + Stability: Preview + """ + removeRepoCachePolicy( + "Data to remove a repository cache policy" + input: RemoveRepoCachePolicyInput!): Boolean! @stability(level: Preview) + + """ + Removes a role. Only usable if roles are not managed externally, e.g. in LDAP. + Stability: Long-term + """ + removeRole(roleId: String!): BooleanResultType! @stability(level: LongTerm) + + """ + Remove labels from a saved query. Returns the updated saved query if successfully updated, or null with errors if unsuccessful. + Stability: Long-term + """ + removeSavedQueryLabels( + "Data for removing labels from a saved query." + input: RemoveSavedQueryLabels!): SavedQuery @stability(level: LongTerm) + + "Remove a label from a scheduled search." + removeScheduledSearchLabel( + "Data for removing a label" + input: RemoveLabelScheduledSearch!): ScheduledSearch! @deprecated(reason: "[DEPRECATED: Added a new version which supports removing a list of labels instead of just one. Use 'removeScheduledSearchLabels' instead. Will be removed at the earliest in version 1.273]") + + """ + Remove labels from a scheduled search, at most 100 at a time. Will return the updated scheduled search if successfully updated and null with errors if unsuccessful. + Stability: Long-term + """ + removeScheduledSearchLabels( + "Data for removing labels from a scheduled search" + input: RemoveScheduledSearchLabels!): ScheduledSearch @stability(level: LongTerm) + + """ + Removes a secondary subdomain from the organization + Stability: Preview + """ + removeSecondarySubdomain(input: RemoveSecondarySubdomainInput!): Organization! @stability(level: Preview) + + "Temporary mutation to remove all size based retention for all organizations." + removeSizeBasedRetentionForAllOrganizations: [String!]! @deprecated(reason: "[DEPRECATED: This mutation is no longer used. Will be removed at the earliest in version 1.201]") + + """ + Remove a star from a dashboard. + Stability: Long-term + """ + removeStarFromDashboard(id: String!): Dashboard! @stability(level: LongTerm) + + "Stability: Long-term" + removeStarFromField(input: RemoveStarToFieldInput!): RemoveStarToFieldMutation! @stability(level: LongTerm) + + """ + Remove a star from a repository or view. + Stability: Long-term + """ + removeStarFromSearchDomain(name: String!): SearchDomain! @stability(level: LongTerm) + + """ + Remove the subdomain settings for the organization. + Stability: Preview + """ + removeSubdomainSettings: Organization! @stability(level: Preview) + + """ + Remove a user. + Stability: Long-term + """ + removeUser(input: RemoveUserInput!): RemoveUserMutation! @stability(level: LongTerm) + + """ + Remove a user. + Stability: Long-term + """ + removeUserById(input: RemoveUserByIdInput!): RemoveUserByIdMutation! @stability(level: LongTerm) + + """ + Removes users from an existing group. + Stability: Long-term + """ + removeUsersFromGroup(input: RemoveUsersFromGroupInput!): RemoveUsersFromGroupMutation! @stability(level: LongTerm) + + """ + Rename a dashboard. + Stability: Long-term + """ + renameDashboard(id: String!, name: String!): Dashboard! @stability(level: LongTerm) + + """ + Rename a Repository or View. + Stability: Long-term + """ + renameSearchDomain( + "Old name for Repository or View" + name: String!, + + "New name for Repository or View. Note that this changes the URLs for accessing the Repository or View." + renameTo: String!): SearchDomain! @stability(level: LongTerm) + + """ + Rename a Repository or View. + Stability: Long-term + """ + renameSearchDomainById(input: RenameSearchDomainByIdInput!): SearchDomain! @stability(level: LongTerm) + + "Stability: Long-term" + renameWidget(id: String!, widgetId: String!, title: String!): Dashboard! @stability(level: LongTerm) + + """ + Resend an invite to a pending user. + Stability: Long-term + """ + resendInvitation(input: TokenInput!): Boolean! @stability(level: LongTerm) + + """ + Resets the flight recorder settings to default for the given vhost + Stability: Preview + """ + resetFlightRecorderSettings( + "The vhost to change the settings for." + vhost: Int!): Boolean! @stability(level: Preview) + + """ + Sets the quota and rate to the given value or resets it to defaults + Stability: Long-term + """ + resetQuota( + "Data for resetting quota" + input: ResetQuotaInput!): Boolean! @stability(level: LongTerm) + + "Stability: Short-term" + resetToFactorySettings: Account! @stability(level: ShortTerm) + + """ + Mark all segment files as unarchived. + Stability: Short-term + """ + restartArchiving(repositoryName: String!, archivalKind: ArchivalKind = RepoOnly): BooleanResultType! @stability(level: ShortTerm) + + """ + Restore a deleted search domain. + Stability: Preview + """ + restoreDeletedSearchDomain(input: RestoreDeletedSearchDomainInput!): SearchDomain! @stability(level: Preview) + + """ + Resubmit marketo lead. Requires root level privileges and an organization owner in the organization (the lead). + Stability: Long-term + """ + resubmitMarketoLead(input: ResubmitMarketoLeadData!): Boolean! @stability(level: LongTerm) + + """ + Revoke a pending user. Once revoked, the invitation link sent to the user becomes invalid. + Stability: Long-term + """ + revokePendingUser(input: TokenInput!): Boolean! @stability(level: LongTerm) + + """ + Revoke the specified session. Can be a single session, all sessions for a user or all sessions in an organization. + Stability: Long-term + """ + revokeSession(input: RevokeSessionInput!): Boolean! @stability(level: LongTerm) + + """ + Rollback the organization with the given id. + Stability: Short-term + """ + rollbackOrganization(organizationId: String!): Boolean! @stability(level: ShortTerm) + + """ + Rotate a token + Stability: Long-term + """ + rotateToken(input: RotateTokenInputData!): String! @stability(level: LongTerm) + + """ + This is used to initiate a global consistency check on a cluster. Returns the checkId of the consistency check run + Stability: Preview + """ + runGlobalConsistencyCheck: String! @stability(level: Preview) + + """ + Manually start the organization inconsistency job. This job will check for inconsistencies like orphaned entities, references to non-existent entities. The job can be run in a dry-run mode that only logs what would have happened. + Stability: Preview + """ + runInconsistencyCheck(input: RunInconsistencyCheckInput!): String! @stability(level: Preview) + + """ + Configures S3 archiving for a repository. E.g. bucket and region. + Stability: Short-term + """ + s3ConfigureArchiving(repositoryName: String!, bucket: String!, region: String!, format: S3ArchivingFormat!, tagOrderInName: [String!], startFromDateTime: DateTime, roleArn: String, endAtDateTime: DateTime): BooleanResultType! @stability(level: ShortTerm) + + """ + Disables the archiving job for the repository. + Stability: Short-term + """ + s3DisableArchiving(repositoryName: String!): BooleanResultType! @stability(level: ShortTerm) + + """ + Enables the archiving job for the repository. + Stability: Short-term + """ + s3EnableArchiving(repositoryName: String!): BooleanResultType! @stability(level: ShortTerm) + + """ + Mark all segment files as unarchived. + Stability: Short-term + """ + s3ResetArchiving(repositoryName: String!, archivalKind: ArchivalKind = RepoOnly): BooleanResultType! @stability(level: ShortTerm) + + """ + Schedule deletion of a secret handle. + Stability: Preview + """ + scheduleDeleteSecretHandle( + "Input for scheduling the deletion of a secret handle. Warning this may break existing functionality." + input: ScheduleDeleteSecretHandleInput!): Boolean! @stability(level: Preview) + + """ + Scheduled report result failed. + Stability: Long-term + """ + scheduledReportResultFailed(input: ScheduledReportResultFailedInput!): Boolean! @stability(level: LongTerm) + + """ + Scheduled report result succeeded. + Stability: Long-term + """ + scheduledReportResultSucceeded(input: ScheduledReportResultSucceededInput!): Boolean! @stability(level: LongTerm) + + """ + Set to true to allow moving existing segments between nodes to achieve a better data distribution + Stability: Short-term + """ + setAllowRebalanceExistingSegments( + "true if the cluster should allow moving existing segments between nodes to achieve a better data distribution" + allowRebalanceExistingSegments: Boolean!): Boolean! @stability(level: ShortTerm) + + """ + Set whether or not to allow updating the desired digesters automatically + Stability: Short-term + """ + setAllowUpdateDesiredDigesters( + "Whether or not to allow updating the desired digesters automatically" + allowUpdateDesiredDigesters: Boolean!): Boolean! @stability(level: ShortTerm) + + """ + Automatically search when arriving at the search page + Stability: Long-term + """ + setAutomaticSearching(name: String!, automaticSearch: Boolean!): setAutomaticSearching! @stability(level: LongTerm) + + """ + Set CID of provisioned organization + Stability: Short-term + """ + setCid(cid: String!): Organization! @stability(level: ShortTerm) + + """ + Mark a filter as the default for a dashboard. This filter will automatically be active when the dashboard is opened. + Stability: Long-term + """ + setDefaultDashboardFilter(id: String!, filterId: String): Dashboard! @stability(level: LongTerm) + + """ + Set the query that should be loaded on entering the search page in a specific view. + Stability: Long-term + """ + setDefaultSavedQuery(input: SetDefaultSavedQueryInput!): BooleanResultType! @stability(level: LongTerm) + + """ + Sets the digest replication factor to the supplied value + Stability: Short-term + """ + setDigestReplicationFactor( + "The replication factor for segments newly written to digest nodes. Applies until the segments are moved to storage nodes." + digestReplicationFactor: Int!): Int! @stability(level: ShortTerm) + + """ + Set a dynamic config. Requires root level access. + Stability: Short-term + """ + setDynamicConfig(input: DynamicConfigInputObject!): Boolean! @stability(level: ShortTerm) + + """ + Configures whether subdomains are enforced for the organization + Stability: Preview + """ + setEnforceSubdomains(input: EnforceSubdomainsInput!): Organization! @stability(level: Preview) + + """ + Save UI styling and other properties for a field. These will be used whenever that field is added to a table or event list in LogScale's UI. + Stability: Long-term + """ + setFieldConfiguration(input: FieldConfigurationInput!): Boolean! @stability(level: LongTerm) + + """ + Force stop or resume an ingest feed + Stability: Preview + """ + setForceStopOnIngestFeed( + "Data for setting force stop state on an ingest feed" + input: SetForceStopOnIngestFeed!): Boolean! @stability(level: Preview) + + """ + Sets the global default cache policy. This policy will be applied to a repo if neither a repo or org cache policy is set. + Stability: Preview + """ + setGlobalDefaultCachePolicy( + "Data to set a global default cache policy" + input: SetGlobalDefaultCachePolicyInput!): Boolean! @stability(level: Preview) + + """ + Toggle whether the specified host should be prepared for eviction from the cluster. If preparing for eviction, the cluster will attempt to move data and work away from the host. + Stability: Short-term + """ + setIsBeingEvicted( + "ID of the node to set the isBeingEvicted flag for." + vhost: Int!, + + "Eviction flag indicating whether a node should be prepared for eviction from the cluster." + isBeingEvicted: Boolean!): Boolean! @stability(level: ShortTerm) + + """ + Remove a limit in the given organization + Stability: Long-term + """ + setLimitDisplayName(input: SetLimitDisplayNameInput!): Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + setLoginBridge(input: LoginBridgeInput!): LoginBridge! @stability(level: LongTerm) + + "Stability: Long-term" + setLoginBridgeTermsState(accepted: Boolean!): LoginBridge! @stability(level: LongTerm) + + "Stability: Short-term" + setLostCollectorDays(days: Int): Boolean! @stability(level: ShortTerm) + + """ + Sets the percentage of all hosts relevant to a particular cluster rebalance operation that need to be alive before we allow the system to automatically execute the operation to the supplied value. Cluster rebalance operations currently include reassigning digest work, and moving existing segments to balance disk usage. + Stability: Short-term + """ + setMinHostAlivePercentageToEnableClusterRebalancing( + "Percentage of all hosts relevant to a particular cluster rebalance operation that need to be alive before we allow the system to automatically execute the operation. Cluster rebalance operations currently include reassigning digest work, and moving existing segments to balance disk usage. Must be between 0 and 100, both inclusive" + minHostAlivePercentageToEnableClusterRebalancing: Int!): Int! @stability(level: ShortTerm) + + """ + Sets the starting read offset for the given ingest partition. + Stability: Preview + """ + setOffsetForDatasourcesOnPartition( + "Data for setting offset for datasources on partition type." + input: SetOffsetForDatasourcesOnPartitionInput!): Boolean! @stability(level: Preview) + + """ + Sets the duration old object sampling will run for before dumping results and restarting + Stability: Preview + """ + setOldObjectSampleDurationMinutes( + "The vhost to change the setting for." + vhost: Int!, + + "The duration old object sampling will run for before dumping results and restarting" + oldObjectSampleDurationMinutes: Long!): Long! @stability(level: Preview) + + """ + Toggles the OldObjectSample event on or off + Stability: Preview + """ + setOldObjectSampleEnabled( + "The vhost to change the setting for." + vhost: Int!, + + "true to enable the OldObjectSample event" + oldObjectSampleEnabled: Boolean!): Boolean! @stability(level: Preview) + + """ + Sets the default cache policy of the current organization. This policy will be applied to repos within the current organizatio if a repo cache policy is set. + Stability: Preview + """ + setOrgDefaultCachePolicy( + "Data to set a organization default cache policy" + input: SetOrgDefaultCachePolicyInput!): Boolean! @stability(level: Preview) + + """ + Set the primary bucket target for the organization. + Stability: Long-term + """ + setOrganizationBucket1(targetBucketId1: String!): Organization! @stability(level: LongTerm) + + """ + Set the secondary bucket target for the organization. + Stability: Long-term + """ + setOrganizationBucket2(targetBucketId2: String!): Organization! @stability(level: LongTerm) + + """ + Set the primary domain for the organization. If a primary domain is already set the existing primary domain is converted to a secondary domain + Stability: Preview + """ + setPrimarySubdomain(input: SetPrimarySubdomainInput!): Organization! @stability(level: Preview) + + """ + Sets the cache policy of a repository. + Stability: Preview + """ + setRepoCachePolicy( + "Data to set a repo cache policy" + input: SetRepoCachePolicyInput!): Boolean! @stability(level: Preview) + + """ + Sets the segment replication factor to the supplied value + Stability: Short-term + """ + setSegmentReplicationFactor( + "replication factor for segment storage" + segmentReplicationFactor: Int!): Int! @stability(level: ShortTerm) + + """ + Set the subdomain settings for an organization. This overrides previously configured settings + Stability: Preview + """ + setSubdomainSettings(input: SetSubdomainSettingsInput!): Organization! @stability(level: Preview) + + """ + Set current tag groupings for a repository. + Stability: Long-term + """ + setTagGroupings( + "The name of the repository on which to apply the new tag groupings." + repositoryName: String!, + + "The tag groupings to set for the repository." + tagGroupings: [TagGroupingRuleInput!]!): [TagGroupingRule!]! @stability(level: LongTerm) + + "Stability: Short-term" + setWantedLogCollectorVersion(id: String!, version: String, timeOfUpdate: DateTime): Boolean! @stability(level: ShortTerm) + + """ + Star a saved query in user settings. + Stability: Long-term + """ + starQuery(input: AddStarToQueryInput!): BooleanResultType! @stability(level: LongTerm) + + "Stability: Short-term" + startLogCollectorConfigurationTest(configId: String!, collectorIds: [String!]!): FleetConfigurationTest! @stability(level: ShortTerm) + + """ + Start the process of migrating from organization mode MultiV1 to MultiV2. This process will not preserve system logs in organizations + Stability: Preview + """ + startOrganizationMultiModeMigration: Boolean! @stability(level: Preview) + + """ + Stops all running queries including streaming queries + Stability: Short-term + """ + stopAllQueries( + "Input to stopping queries." + input: StopQueriesInput): Boolean! @stability(level: ShortTerm) + + """ + Stops all historical queries, ignores live and streaming queries + Stability: Short-term + """ + stopHistoricalQueries( + "Input to stopping queries." + input: StopQueriesInput): Boolean! @stability(level: ShortTerm) + + "Stability: Short-term" + stopLogCollectorConfigurationTest(configId: String!): FleetConfigurationTest! @stability(level: ShortTerm) + + """ + Stops all streaming queries + Stability: Short-term + """ + stopStreamingQueries( + "Input to stopping queries." + input: StopQueriesInput): Boolean! @stability(level: ShortTerm) + + """ + Tests whether the Iam role is setup correctly and that there is a connection to the SQS queue. + Stability: Long-term + """ + testAwsS3SqsIngestFeed( + "Data for testing an ingest feed that uses AWS S3 and SQS" + input: TestAwsS3SqsIngestFeed!): Boolean! @stability(level: LongTerm) + + """ + Tests whether the Azure Event Hubs and blob storage container is setup with the correct permissions. + Stability: Long-term + """ + testAzureEventHubIngestFeed( + "Data for testing an ingest feed that uses Azure Event Hubs." + input: TestAzureEventHubIngestFeed!): Boolean! @stability(level: LongTerm) + + """ + Test an email action + Stability: Long-term + """ + testEmailAction( + "Data for testing an email action" + input: TestEmailAction!): TestResult! @stability(level: LongTerm) + + """ + Test an FDR feed. + Stability: Long-term + """ + testFdrFeed( + "Data for testing an FDR feed." + input: TestFdrFeed!): TestFdrResult! @stability(level: LongTerm) + + """ + Test a Humio repo action. + Stability: Long-term + """ + testHumioRepoAction( + "Data for testing a Humio repo action" + input: TestHumioRepoAction!): TestResult! @stability(level: LongTerm) + + """ + Tests whether an already created ingest feed is setup with the correct permissions. + Stability: Preview + """ + testIngestFeedById( + "Data for testing an already created ingest feed." + input: TestIngestFeedById!): Boolean! @stability(level: Preview) + + """ + Test that a Kafka event forwarder can connect to the specified Kafka server and topic. + Note that this may create the topic on the broker if the Kafka broker is configured to automatically create + topics. + Stability: Long-term + """ + testKafkaEventForwarderV2( + "Data for testing a Kafka event forwarder" + input: TestKafkaEventForwarder!): TestResult! @stability(level: LongTerm) + + """ + Test an OpsGenie action. + Stability: Long-term + """ + testOpsGenieAction( + "Data for testing an OpsGenie action" + input: TestOpsGenieAction!): TestResult! @stability(level: LongTerm) + + """ + Test a PagerDuty action. + Stability: Long-term + """ + testPagerDutyAction( + "Data for testing a PagerDuty action." + input: TestPagerDutyAction!): TestResult! @stability(level: LongTerm) + + """ + Test a parser on some test cases. + Stability: Long-term + """ + testParserV2(input: ParserTestRunInput!): ParserTestRunOutput! @stability(level: LongTerm) + + """ + Test an s3 action + Stability: Long-term + """ + testS3Action( + "Data for testing an S3 action." + input: TestS3Action!): TestResult! @stability(level: LongTerm) + + """ + Test a Slack action. + Stability: Long-term + """ + testSlackAction( + "Data for testing a Slack action." + input: TestSlackAction!): TestResult! @stability(level: LongTerm) + + """ + Test a post message Slack action. + Stability: Long-term + """ + testSlackPostMessageAction( + "Data for testing a post message Slack action." + input: TestPostMessageSlackAction!): TestResult! @stability(level: LongTerm) + + """ + Test an upload file action + Stability: Long-term + """ + testUploadFileAction( + "Data for testing an upload file action." + input: TestUploadFileAction!): TestResult! @stability(level: LongTerm) + + """ + Test a VictorOps action. + Stability: Long-term + """ + testVictorOpsAction( + "Data for testing a VictorOps action." + input: TestVictorOpsAction!): TestResult! @stability(level: LongTerm) + + """ + Test a webhook action. + Stability: Long-term + """ + testWebhookAction( + "Data for testing a webhook action." + input: TestWebhookAction!): TestResult! @stability(level: LongTerm) + + """ + Will attempt to trigger a poll on an ingest feed. + Stability: Long-term + """ + triggerPollIngestFeed( + "Data for trigger polling an ingest feed" + input: TriggerPollIngestFeed!): Boolean! @stability(level: LongTerm) + + """ + Un-associates a token with its currently assigned parser. + Stability: Long-term + """ + unassignIngestToken( + "The name of the repository the ingest token belongs to." + repositoryName: String!, + + "The name of the token." + tokenName: String!): UnassignIngestTokenMutation! @stability(level: LongTerm) + + """ + Removes the organization management role assigned to the group for the provided organizations. + Stability: Preview + """ + unassignOrganizationManagementRoleFromGroup(input: UnassignOrganizationManagementRoleFromGroupInput!): UnassignOrganizationManagementRoleFromGroup! @stability(level: Preview) + + """ + Removes the organization role assigned to the group. + Stability: Long-term + """ + unassignOrganizationRoleFromGroup(input: RemoveOrganizationRoleFromGroupInput!): UnassignOrganizationRoleFromGroup! @stability(level: LongTerm) + + """ + Removes the role assigned to the group for a given view. + Stability: Long-term + """ + unassignRoleFromGroup(input: RemoveRoleFromGroupInput!): UnassignRoleFromGroup! @stability(level: LongTerm) + + """ + Removes the system role assigned to the group. + Stability: Long-term + """ + unassignSystemRoleFromGroup(input: RemoveSystemRoleFromGroupInput!): UnassignSystemRoleFromGroup! @stability(level: LongTerm) + + """ + Unassign node tasks. Returns the set of assigned tasks after the unassign operation has completed. + Stability: Short-term + """ + unassignTasks( + "ID of the node to assign node tasks to." + nodeID: Int!, + + "List of tasks to unassign." + tasks: [NodeTaskEnum!]!): [NodeTaskEnum!]! @stability(level: ShortTerm) + + """ + Unassigns role(s) for user in the search domain. + Stability: Long-term + """ + unassignUserRoleForSearchDomain(userId: String!, searchDomainId: String!, + + "If specified, only unassigns the role with the specified id. If not specified, unassigns all user roles for the user in the search domain." + roleId: String): User! @stability(level: LongTerm) + + """ + Unblock ingest to the specified repository. (Requires ManageCluster Permission) + Stability: Long-term + """ + unblockIngest(repositoryName: String!): UnblockIngestMutation! @stability(level: LongTerm) + + "Stability: Long-term" + unenrollLogCollectors(ids: [String!]): [EnrolledCollector!]! @stability(level: LongTerm) + + """ + Uninstalls a package from a specific view. + Stability: Long-term + """ + uninstallPackage( + "The id of the package to uninstall." + packageId: UnversionedPackageSpecifier!, + + "The name of the view the package to uninstall is installed in." + viewName: String!): BooleanResultType! @stability(level: LongTerm) + + "Stability: Preview" + unlinkChildOrganization(childId: String!): Boolean! @stability(level: Preview) + + """ + Unset a dynamic config. Requires Manage Cluster permission. + Stability: Short-term + """ + unsetDynamicConfig(input: UnsetDynamicConfigInputObject!): Boolean! @stability(level: ShortTerm) + + """ + Unset the secondary bucket target for the organization. + Stability: Long-term + """ + unsetOrganizationBucket2: Organization! @stability(level: LongTerm) + + """ + Unstar a saved query in user settings. + Stability: Long-term + """ + unstarQuery(input: RemoveStarFromQueryInput!): SavedQueryStarredUpdate! @stability(level: LongTerm) + + """ + Update the action security policies for the organization + Stability: Long-term + """ + updateActionSecurityPolicies(input: ActionSecurityPoliciesInput!): Organization! @stability(level: LongTerm) + + """ + Update an aggregate alert. + Stability: Long-term + """ + updateAggregateAlert( + "Data for updating an aggregate alert." + input: UpdateAggregateAlert!): AggregateAlert! @stability(level: LongTerm) + + """ + Update an alert. + Stability: Long-term + """ + updateAlert( + "Data for updating an alert" + input: UpdateAlert!): Alert! @stability(level: LongTerm) + + """ + Update an ingest feed, which uses AWS S3 and SQS + Stability: Long-term + """ + updateAwsS3SqsIngestFeed( + "Data for updating an ingest feed which uses AWS S3 with SQS. The update is a delta update." + input: UpdateAwsS3SqsIngestFeed!): IngestFeed! @stability(level: LongTerm) + + """ + Update an ingest feed that uses Azure Event Hubs. + Stability: Preview + """ + updateAzureEventHubIngestFeed( + "Data for updating an ingest feed which uses Azure Event Hubs. The update is a delta update." + input: UpdateAzureEventHubIngestFeed!): IngestFeed! @stability(level: Preview) + + """ + Update credentials for an ingest feed that uses Azure Event Hubs. + Stability: Preview + """ + updateAzureEventHubIngestFeedCredentials( + "Data for updating the credentials for an ingest feed which uses Azure Event Hubs." + input: UpdateAzureEventHubIngestFeedCredentials!): IngestFeed! @stability(level: Preview) + + "Stability: Preview" + updateCrossOrgViewConnectionFilters(input: UpdateCrossOrganizationViewConnectionFiltersInput!): View! @stability(level: Preview) + + """ + Update a custom link interaction. + Stability: Long-term + """ + updateCustomLinkInteraction(input: UpdateCustomLinkInteractionInput!): InteractionId! @stability(level: LongTerm) + + """ + Update a dashboard. + Stability: Long-term + """ + updateDashboard(input: UpdateDashboardInput!): UpdateDashboardMutation! @stability(level: LongTerm) + + """ + Update a dashboard filter. + Stability: Long-term + """ + updateDashboardFilter(id: String!, filterId: String!, name: String!, prefixFilter: String!): Dashboard! @stability(level: LongTerm) + + """ + Update a dashboard from a YAML specification. + Stability: Long-term + """ + updateDashboardFromTemplate( + "Data for updating a dashboard from a YAML specification." + input: UpdateDashboardFromTemplateInput!): Dashboard! @stability(level: LongTerm) + + """ + Update a dashboard link interaction. + Stability: Long-term + """ + updateDashboardLinkInteraction(input: UpdateDashboardLinkInteractionInput!): InteractionId! @stability(level: LongTerm) + + """ + Update a dashboard token to run as another user + Stability: Long-term + """ + updateDashboardToken(viewId: String!, + + "If field is set to anything else than the calling user id, an exception will be thrown." + userId: String @deprecated(reason: "[DEPRECATED: Deprecated in favor of queryOwnershipType, since dashboards can now run on behalf of the organization. Use 'queryOwnershipType' instead. Will be removed at the earliest in version 1.273]"), + + "The token for the dashboard" + dashboardToken: String!, + + "Ownership of the query run by this shared dashboard. If value is User, ownership will be based on the calling user." + queryOwnershipType: QueryOwnershipType = User): View! @stability(level: LongTerm) + + """ + Updates the default queryprefix for a group. + Stability: Long-term + """ + updateDefaultQueryPrefix(input: UpdateDefaultQueryPrefixInput!): UpdateDefaultQueryPrefixMutation! @stability(level: LongTerm) + + """ + Updates the default role for a group. + Stability: Long-term + """ + updateDefaultRole(input: UpdateDefaultRoleInput!): updateDefaultRoleMutation! @stability(level: LongTerm) + + "Stability: Long-term" + updateDescriptionForSearchDomain(name: String!, newDescription: String!): UpdateDescriptionMutation! @stability(level: LongTerm) + + """ + Updates a log collector configuration. + Stability: Short-term + """ + updateDraftLogCollectorConfiguration(id: String!, draft: String): LogCollectorConfiguration! @stability(level: ShortTerm) + + """ + Update an email action. + Stability: Long-term + """ + updateEmailAction( + "Data for updating an email action." + input: UpdateEmailAction!): EmailAction! @stability(level: LongTerm) + + """ + Update an event forwarding rule on a repository and return it + Stability: Long-term + """ + updateEventForwardingRule( + "Data for updating an event forwarding rule" + input: UpdateEventForwardingRule!): EventForwardingRule! @stability(level: LongTerm) + + """ + Update an FDR feed with the supplied changes. Note that the input fields to this method, apart from `id` and `repositoryName`, only need to be supplied if the field should be changed. + Stability: Long-term + """ + updateFdrFeed( + "Data for updating an FDR feed. Note that the fields, apart from `id` and `repositoryName`, only need to be supplied if the field should be changed." + input: UpdateFdrFeed!): FdrFeed! @stability(level: LongTerm) + + """ + FDR feed administrator control update + Stability: Long-term + """ + updateFdrFeedControl( + "Data for updating the administrator control of an FDR feed." + input: UpdateFdrFeedControl!): FdrFeedControl! @stability(level: LongTerm) + + """ + Updates an alias mapping on a schema. + Stability: Long-term + """ + updateFieldAliasMapping(input: UpdateFieldAliasMappingInput!): String! @stability(level: LongTerm) + + """ + Updates an existing schema. + Stability: Long-term + """ + updateFieldAliasSchema(input: UpdateFieldAliasSchemaInput!): FieldAliasSchema! @stability(level: LongTerm) + + """ + Change file + Stability: Long-term + """ + updateFile(fileName: String!, name: String!, + + "The rows within the offset and limit. They will overwrite all existing rows that are also within the offset and limit." + changedRows: [[String!]!]!, + + "Table headers" + headers: [String!]!, + + "List of column changes that will be applied to all rows in the file. Ordering is important, as the first change in the list will be executed first, and the next change will be executed on the resulting rows." + columnChanges: [ColumnChange!]!, + + "Used to find when to stop replacing rows, by adding the limit to the offset. If no offset is given, the file will be truncated to match the updated rows." + limit: Int, + + "Starting index to replace the old rows with the updated ones. It does not take into account the header row." + offset: Int, labels: [String!]): UploadedFileSnapshot! @stability(level: LongTerm) + + """ + Update a filter alert. + Stability: Long-term + """ + updateFilterAlert( + "Data for updating a filter alert" + input: UpdateFilterAlert!): FilterAlert! @stability(level: LongTerm) + + "Stability: Short-term" + updateFleetInstallTokenConfigId(token: String!, configId: String): FleetInstallationToken! @stability(level: ShortTerm) + + "Stability: Long-term" + updateFleetInstallTokenName(token: String!, name: String!): FleetInstallationToken! @stability(level: LongTerm) + + """ + Updates the group. + Stability: Long-term + """ + updateGroup(input: UpdateGroupInput!): UpdateGroupMutation! @stability(level: LongTerm) + + """ + Update a LogScale repository action. + Stability: Long-term + """ + updateHumioRepoAction( + "Data for updating a LogScale repository action." + input: UpdateHumioRepoAction!): HumioRepoAction! @stability(level: LongTerm) + + """ + Update IP filter. + Stability: Long-term + """ + updateIPFilter(input: IPFilterUpdateInput!): IPFilter! @stability(level: LongTerm) + + """ + Update an ingest listener. + Stability: Long-term + """ + updateIngestListenerV3(input: UpdateIngestListenerV3Input!): IngestListener! @stability(level: LongTerm) + + """ + Sets the ingest partition scheme of the LogScale cluster. Requires ManageCluster permission. Be aware that the ingest partition scheme is normally automated, and changes will be overwritten by the automation. This mutation should generally not be used unless the automation is temporarily disabled. + Stability: Short-term + """ + updateIngestPartitionScheme( + "The list of ingest partitions. If partitions are missing in the input, they are left unchanged." + partitions: [IngestPartitionInput!]!): BooleanResultType! @stability(level: ShortTerm) + + """ + Update a Kafka event forwarder and return it + Stability: Long-term + """ + updateKafkaEventForwarder( + "Data for updating a Kafka event forwarder" + input: UpdateKafkaEventForwarder!): KafkaEventForwarder! @stability(level: LongTerm) + + """ + Update the license key for the LogScale cluster. If there is an existing license on this cluster this operation requires permission to manage cluster. + Stability: Long-term + """ + updateLicenseKey(license: String!): License! @stability(level: LongTerm) + + "Update the limit with the given name, only the arguments defined will be updated" + updateLimit(input: UpdateLimitInput!): Boolean! @deprecated(reason: "[DEPRECATED: This mutation has been replaced by its V2 variant. Use 'updateLimitV2' instead. Will be removed at the earliest in version 1.201]") + + """ + Update the limit with the given name, only the arguments defined will be updated + Stability: Long-term + """ + updateLimitV2(input: UpdateLimitInputV2!): LimitV2! @stability(level: LongTerm) + + """ + Update a cluster connection to a local view. + Stability: Short-term + """ + updateLocalClusterConnection( + "Data for updating a local cluster connection" + input: UpdateLocalClusterConnectionInput!): LocalClusterConnection! @stability(level: ShortTerm) + + "Stability: Short-term" + updateLogCollectorConfigurationDescription(configId: String!, description: String): LogCollectorConfiguration! @stability(level: ShortTerm) + + "Stability: Short-term" + updateLogCollectorConfigurationName(configId: String!, name: String!): LogCollectorConfiguration! @stability(level: ShortTerm) + + "Stability: Short-term" + updateLogCollectorGroupConfigIds(id: String!, configIds: [String!]): LogCollectorGroup! @stability(level: ShortTerm) + + "Stability: Short-term" + updateLogCollectorGroupFilter(id: String!, filter: String): LogCollectorGroup! @stability(level: ShortTerm) + + "Stability: Long-term" + updateLogCollectorGroupName(id: String!, name: String!): LogCollectorGroup! @stability(level: LongTerm) + + "Stability: Short-term" + updateLogCollectorGroupWantedVersion(id: String!, wantedVersion: String): LogCollectorGroup! @stability(level: ShortTerm) + + "Stability: Long-term" + updateLoginBridge(input: LoginBridgeUpdateInput!): LoginBridge! @stability(level: LongTerm) + + """ + Override the globally configured maximum number of auto shards. + Stability: Long-term + """ + updateMaxAutoShardCount(repositoryName: String!, + + "New override value. Set to zero to remove current override." + maxAutoShardCount: Int!): Repository! @stability(level: LongTerm) + + """ + Override the globally configured maximum size of ingest requests. + Stability: Long-term + """ + updateMaxIngestRequestSize(repositoryName: String!, + + "New override value. Set to zero to remove current override." + maxIngestRequestSize: Int!): Repository! @stability(level: LongTerm) + + "Stability: Long-term" + updateOIDCIdentityProvider(input: UpdateOidcConfigurationInput!): OidcIdentityProvider! @stability(level: LongTerm) + + """ + Update an OpsGenie action. + Stability: Long-term + """ + updateOpsGenieAction( + "Data for updating an OpsGenie action" + input: UpdateOpsGenieAction!): OpsGenieAction! @stability(level: LongTerm) + + """ + For manually fixing bad references. Root operation. + Stability: Preview + """ + updateOrganizationForeignKey(id: String!, foreignType: Organizations__ForeignType!, operation: Organizations__Operation!): Organization! @stability(level: Preview) + + """ + Update information about the organization + Stability: Short-term + """ + updateOrganizationInfo(name: String!, countryCode: String!, industry: String!, useCases: [Organizations__UseCases!]!): Organization! @stability(level: ShortTerm) + + """ + For manually updating contract limits. System operation. + Stability: Short-term + """ + updateOrganizationLimits(input: OrganizationLimitsInput!): Organization! @stability(level: ShortTerm) + + "Update mutability of the organization" + updateOrganizationMutability(organizationId: String!, blockIngest: Boolean!, readonly: Boolean!): Organization! @deprecated(reason: "[DEPRECATED: readonly is no longer used. Use 'blockIngestOnOrg' instead. Will be removed at the earliest in version 1.177.0]") + + """ + Update a note for a given organization. Requires root. + Stability: Short-term + """ + updateOrganizationNotes(notes: String!): Boolean! @stability(level: ShortTerm) + + """ + Update the permissions of an organization permission token. + Stability: Long-term + """ + updateOrganizationPermissionsTokenPermissions(input: UpdateOrganizationPermissionsTokenPermissionsInput!): String! @stability(level: LongTerm) + + """ + Update an users organizations root state + Stability: Short-term + """ + updateOrganizationRoot(userId: String!, organizationRoot: Boolean!): Organization! @stability(level: ShortTerm) + + """ + Update the subscription of the organization. Root operation. + Stability: Short-term + """ + updateOrganizationSubscription(input: UpdateSubscriptionInputObject!): Organization! @stability(level: ShortTerm) + + """ + Updates a package in a specific view. + Stability: Long-term + """ + updatePackageFromRegistryV2(UpdatePackageFromRegistryInput: UpdatePackageFromRegistryInput!): PackageUpdateResult! @stability(level: LongTerm) + + """ + Updates a package from file provided in multipart/form-data (name=file) in a specific view. + Stability: Long-term + """ + updatePackageFromZip( + "The name of the view the package is installed in." + viewName: String!, + + "how to handle conflicts" + conflictResolutions: [ConflictResolutionConfiguration!]!, + + "Ownership of the queries run by the triggers (e.g. alerts and scheduled searches) that are installed as part of this package. If value is User, ownership will be based on the calling user." + queryOwnershipType: QueryOwnershipType = User): BooleanResultType! @stability(level: LongTerm) + + """ + Update a PagerDuty action. + Stability: Long-term + """ + updatePagerDutyAction( + "Data for updating a PagerDuty action" + input: UpdatePagerDutyAction!): PagerDutyAction! @stability(level: LongTerm) + + """ + Update a parser from a YAML specification + Stability: Long-term + """ + updateParserFromTemplate( + "Data for updating a parser from a YAML template" + input: UpdateParserFromTemplateInput!): Parser! @stability(level: LongTerm) + + """ + Update a parser. Only the provided fields are updated on the parser, and the remaining fields not provided are unchanged. + Stability: Long-term + """ + updateParserV2(input: UpdateParserInputV2!): Parser! @stability(level: LongTerm) + + """ + Update the viewers profile. + Stability: Long-term + """ + updateProfile(firstName: String, lastName: String): Account! @stability(level: LongTerm) + + """ + Updates queryprefix for a group in a view. + Stability: Long-term + """ + updateQueryPrefix(input: UpdateQueryPrefixInput!): UpdateQueryPrefixMutation! @stability(level: LongTerm) + + """ + Update the readonly dashboard ip filter + Stability: Long-term + """ + updateReadonlyDashboardIPFilter(ipFilter: String): Boolean! @stability(level: LongTerm) + + """ + Update a cluster connection to a remote view. + Stability: Short-term + """ + updateRemoteClusterConnection( + "Data for updating a remote cluster connection" + input: UpdateRemoteClusterConnectionInput!): RemoteClusterConnection! @stability(level: ShortTerm) + + """ + Change the data type of a repository. + Stability: Short-term + """ + updateRepositoryDataType(input: UpdateRepoDataTypeInputObject!): Boolean! @stability(level: ShortTerm) + + """ + Change the limit id of a repository. + Stability: Short-term + """ + updateRepositoryLimitId(input: UpdateRepoLimitIdInputObject!): Boolean! @stability(level: ShortTerm) + + """ + Change the type of a repository. Only useful in Cloud setups. + Stability: Long-term + """ + updateRepositoryType(name: String!, type: String!): BooleanResultType! @stability(level: LongTerm) + + """ + Change the usage tag of a repository. + Stability: Short-term + """ + updateRepositoryUsageTag(name: String!, usageTag: String!): Boolean! @stability(level: ShortTerm) + + """ + Update the retention policy of a repository. + Stability: Long-term + """ + updateRetention( + "The name of the repository to change retention for." + repositoryName: String!, + + "The maximum time (in days) to keep data. Data old than this will be deleted." + timeBasedRetention: Float, + + "Sets retention (in gigabytes) based on the size of data when it arrives to LogScale, that is before parsing and compression. LogScale will keep `at most` this amount of data." + ingestSizeBasedRetention: Float, + + "Sets retention (in gigabytes) based on the size of data when it is stored in LogScale, that is after parsing and compression. LogScale will keep `at most` this amount of data." + storageSizeBasedRetention: Float, + + "Sets time (in days) to keep backups before they are deleted." + timeBasedBackupRetention: Float): UpdateRetentionMutation! @stability(level: LongTerm) + + "Stability: Long-term" + updateRole(input: UpdateRoleInput!): UpdateRoleMutation! @stability(level: LongTerm) + + """ + Update an S3 action. + Stability: Long-term + """ + updateS3Action( + "Data for updating an S3 action" + input: UpdateS3Action!): S3Action! @stability(level: LongTerm) + + "Stability: Long-term" + updateSamlIdentityProvider(id: String!, name: String!, signOnUrl: String!, idpCertificateInBase64: String, idpEntityId: String!, domains: [String!]!, groupMembershipAttribute: String, userAttribute: String, enableDebug: Boolean = false, + + "Only used internal" + adminAttribute: String, + + "Only used internal" + adminAttributeMatch: String, + + "If multiple Idp's are defined the default idp is used whenever redirecting to login" + defaultIdp: Boolean, + + "Only used internal" + humioOwned: Boolean, + + "Lazy create users during login" + lazyCreateUsers: Boolean, + + "An alternative certificate to be used for IdP signature validation. Useful for handling certificate rollover" + alternativeIdpCertificateInBase64: String, + + "The SAML metadata endpoint to fetch IdP signing certificate from" + metadataEndpointUrl: String): SamlIdentityProvider! @stability(level: LongTerm) + + """ + Updates a saved query. + Stability: Long-term + """ + updateSavedQuery(input: UpdateSavedQueryInput!): UpdateSavedQueryPayload! @stability(level: LongTerm) + + """ + Update a saved query from a YAML template. + Stability: Preview + """ + updateSavedQueryFromTemplate( + "Data for updating a saved query from a YAML template." + input: UpdateSavedQueryFromTemplateInput!): SavedQuery! @stability(level: Preview) + + """ + Update a scheduled report. Only the supplied property values are updated. + Stability: Long-term + """ + updateScheduledReport(input: UpdateScheduledReportInput!): ScheduledReport! @stability(level: LongTerm) + + "Update a scheduled search." + updateScheduledSearch( + "Data for updating a scheduled search" + input: UpdateScheduledSearch!): ScheduledSearch! @deprecated(reason: "[DEPRECATED: Does not support scheduled searches on @ingesttimestamp. Use 'updateScheduledSearchV3' instead. Will be removed at the earliest in version 1.237]") + + "Update a scheduled search." + updateScheduledSearchV2( + "Data for updating a scheduled search" + input: UpdateScheduledSearchV2!): ScheduledSearch! @deprecated(reason: "[DEPRECATED: Does not support the new field 'triggerOnEmptyResult'. Use 'updateScheduledSearchV3' instead. Will be removed at the earliest in version 1.249]") + + """ + Update a scheduled search. + Stability: Long-term + """ + updateScheduledSearchV3( + "Data for updating a scheduled search" + input: UpdateScheduledSearchV3!): ScheduledSearch! @stability(level: LongTerm) + + """ + Update a search link interaction. + Stability: Long-term + """ + updateSearchLinkInteraction(input: UpdateSearchLinkInteractionInput!): InteractionId! @stability(level: LongTerm) + + """ + Update session settings for the organization. + Stability: Short-term + """ + updateSessionSettings(input: SessionInput!): Organization! @stability(level: ShortTerm) + + """ + Set flags for UI states and help messages. + Stability: Preview + """ + updateSettings(isWelcomeMessageDismissed: Boolean, isGettingStartedMessageDismissed: Boolean, isCommunityMessageDismissed: Boolean, + + "DEPRECATED: Has no effect and will be removed later, from version 1.225 at the earliest." + isPackageDocsMessageDismissed: Boolean, isEventListOrderedWithNewestAtBottom: Boolean, isFieldPanelOpenByDefault: Boolean, automaticallySearch: Boolean, automaticallyHighlighting: Boolean, uiTheme: UiTheme, + + "DEPRECATED: Has no effect and will be removed later, from version 1.225 at the earliest." + isDarkModeMessageDismissed: Boolean, + + "DEPRECATED: Has no effect and will be removed later, from version 1.225 at the earliest." + isResizableQueryFieldMessageDismissed: Boolean, featureAnnouncementsToDismiss: [FeatureAnnouncement!], defaultTimeZone: String): UserSettings! @stability(level: Preview) + + """ + Update the shared dashboards security policies for the organization. Updating the policies will update or delete all existing tokens that do not fit into the changes. For instance, enforcing an IP filter will set the IP filter on all shared dashboard tokens. Disabling shared dashboard tokens, will delete all shared dashboard tokens. + Stability: Long-term + """ + updateSharedDashboardsSecurityPolicies(input: SharedDashboardsSecurityPoliciesInput!): Organization! @stability(level: LongTerm) + + """ + Update a Slack action. + Stability: Long-term + """ + updateSlackAction( + "Data for updating a Slack action" + input: UpdateSlackAction!): SlackAction! @stability(level: LongTerm) + + """ + Update a post-message Slack action. + Stability: Long-term + """ + updateSlackPostMessageAction( + "Data for updating a post-message Slack action" + input: UpdatePostMessageSlackAction!): SlackPostMessageAction! @stability(level: LongTerm) + + """ + Update the social login options for the organization + Stability: Preview + """ + updateSocialLoginSettings(input: [SocialLoginSettingsInput!]!): Organization! @stability(level: Preview) + + """ + Update the permissions of a system permission token. + Stability: Long-term + """ + updateSystemPermissionsTokenPermissions(input: UpdateSystemPermissionsTokenPermissionsInput!): String! @stability(level: LongTerm) + + """ + Update the token security policies for the organization. Updating the policies will update or delete all existing tokens that do not fit into the changes. For instance, enforcing an IP filter for personal user tokens will set the IP filter on all tokens of that type. Disabling a token type, will delete all tokens of that type. Finally setting an enforce expiration after will set that on all tokens that are above the interval and keep their current expiration if inside the interval. Tokens below the expiration will be deleted. + Stability: Long-term + """ + updateTokenSecurityPolicies(input: TokenSecurityPoliciesInput!): Organization! @stability(level: LongTerm) + + "Update an upload file action." + updateUploadFileAction( + "Data for updating an upload file action." + input: UpdateUploadFileAction!): UploadFileAction! @deprecated(reason: "[DEPRECATED: Does not support the new fields related to different update modes. Use 'updateUploadFileActionV2' instead. Will be removed at the earliest in version 1.219]") + + """ + Update an upload file action. + Stability: Long-term + """ + updateUploadFileActionV2( + "Data for updating an upload file action." + input: UpdateUploadFileActionV2!): UploadFileAction! @stability(level: LongTerm) + + """ + Updates a user. Requires Root Permission. + Stability: Long-term + """ + updateUser(input: AddUserInput!): UpdateUserMutation! @stability(level: LongTerm) + + """ + Updates a user. + Stability: Long-term + """ + updateUserById(input: UpdateUserByIdInput!): UpdateUserByIdMutation! @stability(level: LongTerm) + + """ + Update user default settings for the organization. + Stability: Short-term + """ + updateUserDefaultSettings(input: UserDefaultSettingsInput!): Organization! @stability(level: ShortTerm) + + """ + Update a VictorOps action. + Stability: Long-term + """ + updateVictorOpsAction( + "Data for updating a VictorOps action." + input: UpdateVictorOpsAction!): VictorOpsAction! @stability(level: LongTerm) + + """ + Update a view. + Stability: Long-term + """ + updateView(viewName: String!, connections: [ViewConnectionInput!]!): View! @stability(level: LongTerm) + + """ + Update the permissions of a view permission token. + Stability: Long-term + """ + updateViewPermissionsTokenPermissions(input: UpdateViewPermissionsTokenPermissionsInput!): String! @stability(level: LongTerm) + + """ + Update a webhook action. + Stability: Long-term + """ + updateWebhookAction( + "Data for updating a webhook action" + input: UpdateWebhookAction!): WebhookAction! @stability(level: LongTerm) + + """ + Upgrade the account. + Stability: Long-term + """ + upgradeAccount(input: UpgradeAccountData!): Boolean! @stability(level: LongTerm) +} + +type NeverDashboardUpdateFrequency { + "Stability: Long-term" + name: String! @stability(level: LongTerm) +} + +"This authentication type can be used to use LogScale without authentication. This should only be considered for testing and development purposes, it is not recommended for production systems and prevents LogScale from doing proper Audit Logging." +type NoAuthentication implements AuthenticationMethod { + "Stability: Preview" + name: String! @stability(level: Preview) +} + +"Assignable node task." +enum NodeTaskEnum { + digest + query +} + +"A widget get text, links, etc." +type NoteWidget implements Widget { + "Stability: Long-term" + backgroundColor: String @stability(level: LongTerm) + + "Stability: Long-term" + textColor: String @stability(level: LongTerm) + + "Stability: Long-term" + text: String! @stability(level: LongTerm) + + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + title: String! @stability(level: LongTerm) + + "Stability: Long-term" + description: String @stability(level: LongTerm) + + "Stability: Long-term" + x: Int! @stability(level: LongTerm) + + "Stability: Long-term" + y: Int! @stability(level: LongTerm) + + "Stability: Long-term" + width: Int! @stability(level: LongTerm) + + "Stability: Long-term" + height: Int! @stability(level: LongTerm) +} + +"A notification" +type Notification { + """ + The unique id for the notification + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + The title of the notification + Stability: Long-term + """ + title: String! @stability(level: LongTerm) + + """ + The message for the notification + Stability: Long-term + """ + message: String! @stability(level: LongTerm) + + """ + Whether the notification is dismissable + Stability: Long-term + """ + dismissable: Boolean! @stability(level: LongTerm) + + """ + The severity of the notification + Stability: Long-term + """ + severity: NotificationSeverity! @stability(level: LongTerm) + + """ + The type of the notification + Stability: Long-term + """ + type: NotificationTypes! @stability(level: LongTerm) + + """ + Link accompanying the notification + Stability: Long-term + """ + link: String @stability(level: LongTerm) + + """ + Description for the link + Stability: Long-term + """ + linkDescription: String @stability(level: LongTerm) +} + +input NotificationInput { + message: String! + target: Targets! + ids: [String!] + title: String! + dismissable: Boolean! + severity: NotificationSeverity! + link: String + linkDescription: String + notificationType: NotificationTypes! +} + +enum NotificationSeverity { + Success + Info + Warning + Error +} + +enum NotificationTypes { + Banner + Announcement + Bell +} + +"Paginated response for notifications." +type NotificationsResultSet { + """ + The total number of matching results + Stability: Long-term + """ + totalResults: Int! @stability(level: LongTerm) + + """ + The paginated result set + Stability: Long-term + """ + results: [Notification!]! @stability(level: LongTerm) +} + +"Authentication through OAuth Identity Providers." +type OAuthAuthentication implements AuthenticationMethod { + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + uiLoginFlow: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + google: OAuthProvider @stability(level: LongTerm) + + "Stability: Long-term" + github: OAuthProvider @stability(level: LongTerm) + + "Stability: Long-term" + bitbucket: OAuthProvider @stability(level: LongTerm) + + "Stability: Long-term" + oidc: OIDCProvider @stability(level: LongTerm) +} + +"An OAuth Identity Provider." +type OAuthProvider { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + clientId: String! @stability(level: LongTerm) + + "Stability: Long-term" + redirectUrl: String! @stability(level: LongTerm) +} + +"An OIDC identity provider" +type OIDCProvider { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + clientId: String! @stability(level: LongTerm) + + "Stability: Long-term" + redirectUrl: String! @stability(level: LongTerm) + + "Stability: Long-term" + authorizationEndpoint: String @stability(level: LongTerm) + + "Stability: Long-term" + serviceName: String @stability(level: LongTerm) + + "Stability: Long-term" + scopes: [String!]! @stability(level: LongTerm) + + "Stability: Long-term" + federatedIdp: String @stability(level: LongTerm) +} + +enum ObjectAction { + ReadOnlyAndHidden + ReadWriteAndVisible + Unknown +} + +input OidcConfigurationInput { + name: String! + clientID: String! + clientSecret: String! + issuer: String! + tokenEndpointAuthMethod: String! + authorizationEndpoint: String! + tokenEndpoint: String + userInfoEndpoint: String + registrationEndpoint: String + groupsClaim: String + JWKSEndpoint: String + domains: [String!]! + scopes: [String!]! + userClaim: String = "email" + enableDebug: Boolean! + defaultIdp: Boolean + humioOwned: Boolean + lazyCreateUsers: Boolean + federatedIdp: String + scopeClaim: String +} + +type OidcIdentityProvider implements IdentityProviderAuthentication { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + clientId: String! @stability(level: LongTerm) + + "Stability: Long-term" + clientSecret: String! @stability(level: LongTerm) + + "Stability: Long-term" + domains: [String!]! @stability(level: LongTerm) + + "Stability: Long-term" + issuer: String! @stability(level: LongTerm) + + "Stability: Long-term" + tokenEndpointAuthMethod: String! @stability(level: LongTerm) + + "Stability: Long-term" + userClaim: String! @stability(level: LongTerm) + + "Stability: Long-term" + scopes: [String!]! @stability(level: LongTerm) + + "Stability: Long-term" + userInfoEndpoint: String @stability(level: LongTerm) + + "Stability: Long-term" + registrationEndpoint: String @stability(level: LongTerm) + + "Stability: Long-term" + tokenEndpoint: String @stability(level: LongTerm) + + "Stability: Long-term" + groupsClaim: String @stability(level: LongTerm) + + "Stability: Long-term" + jwksEndpoint: String @stability(level: LongTerm) + + "Stability: Long-term" + authenticationMethod: AuthenticationMethodAuth! @stability(level: LongTerm) + + "Stability: Long-term" + authorizationEndpoint: String @stability(level: LongTerm) + + "Stability: Long-term" + debug: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + federatedIdp: String @stability(level: LongTerm) + + "Stability: Long-term" + scopeClaim: String @stability(level: LongTerm) + + "Stability: Long-term" + defaultIdp: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + humioManaged: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + lazyCreateUsers: Boolean! @stability(level: LongTerm) +} + +type OidcIdentityProviderAuth implements AuthenticationMethodAuth { + "Stability: Long-term" + redirectUrl: String! @stability(level: LongTerm) + + "Stability: Long-term" + authType: String! @stability(level: LongTerm) + + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + scopes: [String!]! @stability(level: LongTerm) + + "Stability: Long-term" + serviceName: String! @stability(level: LongTerm) + + "Stability: Long-term" + authorizeEndpoint: String! @stability(level: LongTerm) + + "Stability: Long-term" + clientId: String! @stability(level: LongTerm) + + "Stability: Long-term" + federatedIdp: String @stability(level: LongTerm) +} + +"Represents information about a LogScale License." +type OnPremLicense implements License { + """ + The time at which the license expires. + Stability: Long-term + """ + expiresAt: DateTime! @stability(level: LongTerm) + + """ + The time at which the license was issued. + Stability: Long-term + """ + issuedAt: DateTime! @stability(level: LongTerm) + + """ + license id. + Stability: Long-term + """ + uid: String! @stability(level: LongTerm) + + """ + The maximum number of user accounts allowed in LogScale. Unlimited if undefined. + Stability: Long-term + """ + maxUsers: Int @stability(level: LongTerm) + + """ + The name of the entity the license was issued to. + Stability: Long-term + """ + owner: String! @stability(level: LongTerm) + + """ + Indicates whether the license allows running LogScale as a SaaS platform. + Stability: Long-term + """ + isSaaS: Boolean! @stability(level: LongTerm) + + """ + Indicates whether the license is an OEM license. + Stability: Long-term + """ + isOem: Boolean! @stability(level: LongTerm) +} + +type OnlyTotal { + "Stability: Short-term" + total: Int! @stability(level: ShortTerm) +} + +"An OpsGenie action" +type OpsGenieAction implements Action { + """ + OpsGenie webhook url to send the request to. + Stability: Long-term + """ + apiUrl: String! @stability(level: LongTerm) + + """ + Key to authenticate with OpsGenie. + Stability: Long-term + """ + genieKey: String! @stability(level: LongTerm) + + """ + Defines whether the action should use the configured HTTP proxy to send requests. + Stability: Long-term + """ + useProxy: Boolean! @stability(level: LongTerm) + + """ + The name of the action. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + The display name of the action. + Stability: Long-term + """ + displayName: String! @stability(level: LongTerm) + + """ + The id of the action. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + A template that can be used to recreate the action. + Stability: Long-term + """ + yamlTemplate: YAML! @stability(level: LongTerm) + + "Stability: Long-term" + packageId: VersionedPackageSpecifier @stability(level: LongTerm) + + """ + The package, if any, which the action is part of. + Stability: Long-term + """ + package: PackageInstallation @stability(level: LongTerm) + + """ + False if this type of action is disabled because of a security policy, true otherwise + Stability: Long-term + """ + isAllowedToRun: Boolean! @stability(level: LongTerm) + + """ + True if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. + Stability: Long-term + """ + requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! @stability(level: LongTerm) + + """ + Allowed asset actions + Stability: Short-term + """ + allowedActions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The resource identifier for this action. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + Metadata related to the creation of the action + Stability: Long-term + """ + createdInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Metadata related to the latest modification of the action + Stability: Long-term + """ + modifiedInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Labels to categorize the action. + Stability: Preview + """ + labels: [String!] @stability(level: Preview) +} + +enum OrderBy { + ASC + DESC +} + +"OrderByDirection" +enum OrderByDirection { + ASC + DESC +} + +"OrderByUserField" +enum OrderByUserField { + DISPLAYNAME + FULLNAME + USERNAME +} + +input OrderByUserFieldInput { + userField: OrderByUserField! + order: OrderByDirection! +} + +type OrgConfig { + """ + Organization ID + Stability: Short-term + """ + id: String! @stability(level: ShortTerm) + + """ + Organization name + Stability: Short-term + """ + name: String! @stability(level: ShortTerm) + + """ + bucket region + Stability: Short-term + """ + region: String! @stability(level: ShortTerm) + + "\nStability: Short-term" + bucket: String! @stability(level: ShortTerm) + + """ + bucket prefix + Stability: Short-term + """ + prefix: String! @stability(level: ShortTerm) +} + +"An Organization" +type Organization { + """ + The unique id for the Organization + Stability: Short-term + """ + id: String! @stability(level: ShortTerm) + + """ + The CID corresponding to the organization + Stability: Short-term + """ + cid: String @stability(level: ShortTerm) + + """ + The name for the Organization + Stability: Short-term + """ + name: String! @stability(level: ShortTerm) + + """ + The description for the Organization, can be null + Stability: Short-term + """ + description: String @stability(level: ShortTerm) + + """ + Details about the organization + Stability: Short-term + """ + details: OrganizationDetails! @stability(level: ShortTerm) + + """ + Stats of the organization + Stability: Short-term + """ + stats: OrganizationStats! @stability(level: ShortTerm) + + """ + Organization configurations and settings + Stability: Short-term + """ + configs: OrganizationConfigs! @stability(level: ShortTerm) + + """ + Search domains in the organization + Stability: Short-term + """ + searchDomains: [SearchDomain!]! @stability(level: ShortTerm) + + """ + IP filter for readonly dashboard links + Stability: Short-term + """ + readonlyDashboardIPFilter: String @stability(level: ShortTerm) + + """ + Created date + Stability: Short-term + """ + createdAt: Long @stability(level: ShortTerm) + + """ + If the organization has been marked for deletion, this indicates the day it was deleted. + Stability: Short-term + """ + deletedAt: Long @stability(level: ShortTerm) + + """ + Trial started at + Stability: Short-term + """ + trialStartedAt: Long @stability(level: ShortTerm) + + """ + Public url for the Organization + Stability: Short-term + """ + publicUrl: String @stability(level: ShortTerm) + + """ + Ingest url for the Organization + Stability: Short-term + """ + ingestUrl: String @stability(level: ShortTerm) + + """ + Check if the current user has a given permission in the organization. + Stability: Short-term + """ + isActionAllowed( + "The action to check if a user is allowed to perform on an organization." + action: OrganizationAction!): Boolean! @stability(level: ShortTerm) + + """ + Limits assigned to the organization + Stability: Short-term + """ + limits: [Limit!]! @stability(level: ShortTerm) + + """ + Limits assigned to the organizations + Stability: Short-term + """ + limitsV2: [LimitV2!]! @stability(level: ShortTerm) + + "Stability: Short-term" + externalPermissions: Boolean! @stability(level: ShortTerm) + + "Stability: Short-term" + externalGroupSynchronization: Boolean! @stability(level: ShortTerm) + + """ + The default cache policy of this organization. + Stability: Preview + """ + defaultCachePolicy: CachePolicy @stability(level: Preview) +} + +"Actions a user may perform on an organization." +enum OrganizationAction { + AdministerPermissions + CreateRepository + CreateView + ChangeReadOnlyDashboardFilter + CreateUser + ConfigureIdp + ChangeSessions + ChangeOrganizationSettings + CreateTrialRepository + UseCustomEmailTemplate + ViewLoginBridge + ViewUsage + ConfigureIPFilters + DeleteRepositoryOrView + ChangeFleetManagement + ViewFleetManagement + UseRemoteUpdates + UseFleetRemoteDebug + UseFleetEphemeralHosts + UseFleetLabels + ChangeTriggersToRunAsOtherUsers + ChangeEventForwarders + ViewRunningQueries + BlockQueries + AdministerTokens + ManageUsers + ViewIpFilters + DownloadMacOsInstaller + ChangeSecurityPolicies + QueryAssistant + OrganizationQueryOwnershipEnabled @deprecated(reason: "[DEPRECATED: The OrganizationQueryOwnership feature is now always enabled. Will be removed at the earliest in version 1.201]") + UsePersonalToken + ChangeExternalFunctions + AddFederatedView + ViewFalconDataConnectorUrl + ManageSchemas + + "Stability: Preview" + ExternalFunctionsEnabled @stability(level: Preview) + ViewOrganizationSettings + ViewSecurityPolicies + ViewSessionSettings + ViewUsers + ViewPermissions + ViewIdp + ViewOrganizationTokens + ViewDeletedRepositoriesOrViews + ViewEventForwarders + ViewSchemas + UseFleetOverviewDashboards + UseFleetDashboardsPage + UseFleetTablePageUI + + "Stability: Preview" + GranularPermissionsUI @stability(level: Preview) + UseFleetMetricsMigration + SwitchToCollectorIdOverMachineId + UseEnableLcUpdateCache +} + +"Configurations for the organization" +type OrganizationConfigs { + """ + Session settings + Stability: Short-term + """ + session: OrganizationSession! @stability(level: ShortTerm) + + """ + Social login settings + Stability: Short-term + """ + socialLogin: [SocialLoginSettings!]! @stability(level: ShortTerm) + + """ + Subdomain configuration for the organization + Stability: Short-term + """ + subdomains: SubdomainConfig @stability(level: ShortTerm) + + """ + Bucket storage configuration for the organization + Stability: Short-term + """ + bucketStorage: BucketStorageConfig @stability(level: ShortTerm) + + """ + Security policies for actions in the organization + Stability: Short-term + """ + actions: ActionSecurityPolicies @stability(level: ShortTerm) + + """ + Security policies for tokens in the organization + Stability: Short-term + """ + tokens: TokenSecurityPolicies @stability(level: ShortTerm) + + """ + Security policies for shared dashboard tokens in the organization + Stability: Short-term + """ + sharedDashboards: SharedDashboardsSecurityPolicies @stability(level: ShortTerm) + + """ + Login bridge + Stability: Short-term + """ + loginBridge: LoginBridge @stability(level: ShortTerm) + + """ + Whether the organization is currently blocking ingest + Stability: Short-term + """ + blockingIngest: Boolean! @stability(level: ShortTerm) + + """ + Default timezone to use for users without a default timezone set. + Stability: Short-term + """ + defaultTimeZone: String @stability(level: ShortTerm) +} + +"Details about the organization" +type OrganizationDetails { + """ + Notes of the organization (root only) + Stability: Short-term + """ + notes: String! @stability(level: ShortTerm) + + """ + Industry of the organization + Stability: Short-term + """ + industry: String! @stability(level: ShortTerm) + + """ + Industry of the organization + Stability: Short-term + """ + useCases: [Organizations__UseCases!]! @stability(level: ShortTerm) + + """ + Subscription of the organization + Stability: Short-term + """ + subscription: Organizations__Subscription! @stability(level: ShortTerm) + + """ + Trial end date of the organization if any + Stability: Short-term + """ + trialEndDate: Long @stability(level: ShortTerm) + + """ + Limits of the organization + Stability: Short-term + """ + limits: OrganizationLimits! @stability(level: ShortTerm) + + """ + The country of the organization + Stability: Short-term + """ + country: String! @stability(level: ShortTerm) + + """ + Determines whether an organization has access to IOCs (indicators of compromise) + Stability: Short-term + """ + iocAccess: Boolean @stability(level: ShortTerm) +} + +"Limits of the organization" +type OrganizationLimits { + """ + Daily ingest allowed + Stability: Short-term + """ + dailyIngest: Long! @stability(level: ShortTerm) + + """ + Days of retention allowed + Stability: Short-term + """ + retention: Int! @stability(level: ShortTerm) + + """ + Max amount of users allowed + Stability: Short-term + """ + users: Int! @stability(level: ShortTerm) + + """ + License expiration date + Stability: Short-term + """ + licenseExpirationDate: Long @stability(level: ShortTerm) + + """ + Whether self service is enabled for the Organization, allowing features like creating repositories and setting retention. + Stability: Short-term + """ + allowSelfService: Boolean! @stability(level: ShortTerm) + + """ + Last contract synchronization date + Stability: Short-term + """ + lastSyncDate: Long @stability(level: ShortTerm) + + """ + Whether the contract is missing for the organization. None for non accounts, true if account and has no contract and false if contract was found and used. + Stability: Short-term + """ + missingContract: Boolean @stability(level: ShortTerm) + + """ + Contract version + Stability: Short-term + """ + contractVersion: Organizations__ContractVersion! @stability(level: ShortTerm) +} + +input OrganizationLimitsInput { + "Ingest in bytes" + ingest: Long! + + "Retention in days" + retention: Int! + users: Int! + expiration: Long! + allowSelfService: Boolean + contractVersion: Organizations__ContractVersion +} + +"A link between two organizations" +type OrganizationLink { + "Stability: Preview" + parentOrganization: Organization! @stability(level: Preview) + + "Stability: Preview" + childOrganization: Organization! @stability(level: Preview) +} + +"Organization management permissions" +enum OrganizationManagementPermission { + ManageSpecificOrganizations +} + +enum OrganizationMode { + Single + Multi + MultiV2 +} + +"Query running with organization based ownership" +type OrganizationOwnership implements QueryOwnership { + """ + Organization owning and running the query + Stability: Long-term + """ + organization: Organization! @stability(level: LongTerm) + + """ + Id of organization owning and running the query + Stability: Long-term + """ + id: String! @stability(level: LongTerm) +} + +"Organization permissions" +enum OrganizationPermission { + GenerateQueryExplanations + ExportOrganization + ChangeOrganizationPermissions + ChangeIdentityProviders + CreateRepository + ManageUsers + ViewUsage + ChangeOrganizationSettings + ChangeIPFilters + ChangeSessions + ChangeAllViewOrRepositoryPermissions + IngestAcrossAllReposWithinOrganization + DeleteAllRepositories + DeleteAllViews + ViewAllInternalNotifications + ChangeFleetManagement + ViewFleetManagement + ChangeTriggersToRunAsOtherUsers + MonitorQueries + BlockQueries + ChangeSecurityPolicies + ChangeExternalFunctions + ChangeFieldAliases + ManageViewConnections +} + +"Organization permissions token. The token allows the caller to work with organization-level permissions." +type OrganizationPermissionsToken implements Token { + """ + The set of permissions on the token + Stability: Long-term + """ + permissions: [String!]! @stability(level: LongTerm) + + """ + The id of the token. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + The name of the token. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + The time at which the token expires. + Stability: Long-term + """ + expireAt: Long @stability(level: LongTerm) + + """ + The ip filter on the token. + Stability: Long-term + """ + ipFilter: String @stability(level: LongTerm) + + """ + The ip filter on the token. + Stability: Long-term + """ + ipFilterV2: IPFilter @stability(level: LongTerm) + + """ + The date the token was created. + Stability: Long-term + """ + createdAt: Long! @stability(level: LongTerm) +} + +"An organization search result entry" +type OrganizationSearchResultEntry { + """ + The unique id for the Organization + Stability: Short-term + """ + organizationId: String! @stability(level: ShortTerm) + + """ + The name of the Organization + Stability: Short-term + """ + organizationName: String! @stability(level: ShortTerm) + + """ + The string matching the search + Stability: Short-term + """ + searchMatch: String! @stability(level: ShortTerm) + + """ + The id of the entity matched + Stability: Short-term + """ + entityId: String! @stability(level: ShortTerm) + + """ + The subscription type of the organization + Stability: Short-term + """ + subscription: Organizations__Subscription! @stability(level: ShortTerm) + + """ + The type of the search result match + Stability: Short-term + """ + type: Organizations__SearchEntryType! @stability(level: ShortTerm) + + """ + The amount of users in the organization + Stability: Short-term + """ + userCount: Int! @stability(level: ShortTerm) + + """ + The amount of repositories and views in the organization + Stability: Short-term + """ + viewCount: Int! @stability(level: ShortTerm) + + """ + The total data volume in bytes that the organization is currently using + Stability: Short-term + """ + byteVolume: Long! @stability(level: ShortTerm) + + """ + The end date of the trial if applicable + Stability: Short-term + """ + trialEndDate: Long @stability(level: ShortTerm) + + """ + The time when the organization was created + Stability: Short-term + """ + createdAt: Long! @stability(level: ShortTerm) + + """ + If the organization has been marked for deletion, this indicates the time when the organization was marked. + Stability: Short-term + """ + deletedAt: Long @stability(level: ShortTerm) + + """ + The relevant organization for the result + Stability: Short-term + """ + organization: Organization! @stability(level: ShortTerm) +} + +"An organization search result set" +type OrganizationSearchResultSet { + """ + The total number of matching results + Stability: Short-term + """ + totalResults: Int! @stability(level: ShortTerm) + + """ + The paginated result set + Stability: Short-term + """ + results: [OrganizationSearchResultEntry!]! @stability(level: ShortTerm) +} + +"Session configuration for the organization" +type OrganizationSession { + """ + The maximum time in ms the user is allowed to be inactive + Stability: Long-term + """ + maxInactivityPeriod: Long! @stability(level: LongTerm) + + """ + The time in ms after which the user is forced to reauthenticate + Stability: Long-term + """ + forceReauthenticationAfter: Long! @stability(level: LongTerm) +} + +"Stats of the organization" +type OrganizationStats { + """ + Total compressed data volume used by the organization + Stability: Short-term + """ + dataVolumeCompressed: Long! @stability(level: ShortTerm) + + """ + Total data volume used by the organization + Stability: Short-term + """ + dataVolume: Long! @stability(level: ShortTerm) + + """ + The total daily ingest of the organization + Stability: Short-term + """ + dailyIngest: Long! @stability(level: ShortTerm) + + """ + The number of users in the organization + Stability: Short-term + """ + userCount: Int! @stability(level: ShortTerm) +} + +enum OrganizationsLinks__SortBy { + Cid + Name + OrgId +} + +enum Organizations__ContractVersion { + Unknown + Version1 + Version2 +} + +enum Organizations__ContractualType { + Limited + Unlimited + Ignored +} + +enum Organizations__ForeignType { + Group + Idp + Role + Unknown + User + View +} + +enum Organizations__MeasurementType { + SegmentWriteSize + ProcessedEventsSize +} + +enum Organizations__Operation { + Add + Remove +} + +enum Organizations__SearchEntryType { + Organization + Repository + User + View +} + +enum Organizations__SortBy { + UserCount + Name + Volume + ViewCount + Subscription + CreatedAt +} + +enum Organizations__Subscription { + Paying + Trial + PreTrial + PostTrial + UnlimitedPoC + ClusterOwner + Complementary + OnPremMonitor + MissingTOSAcceptance + CommunityLocked + CommunityUnlocked + Partner + Internal + Churned + Unknown +} + +enum Organizations__UseCases { + ApplicationDevelopment + IoT + Operations + Security + Unknown +} + +"An event produced by a parser in a test run" +type OutputEvent { + """ + The fields of the event + Stability: Long-term + """ + fields: [EventField!]! @stability(level: LongTerm) +} + +"A Humio package" +type Package2 { + "Stability: Long-term" + id: VersionedPackageSpecifier! @stability(level: LongTerm) + + "Stability: Long-term" + scope: PackageScope! @stability(level: LongTerm) + + "Stability: Long-term" + name: PackageName! @stability(level: LongTerm) + + "Stability: Long-term" + version: PackageVersion! @stability(level: LongTerm) + + "Stability: Long-term" + description: String @stability(level: LongTerm) + + "Stability: Long-term" + iconUrl: UrlOrData @stability(level: LongTerm) + + "Stability: Long-term" + author: PackageAuthor! @stability(level: LongTerm) + + "Stability: Long-term" + contributors: [PackageAuthor!]! @stability(level: LongTerm) + + "Stability: Long-term" + licenseUrl: URL! @stability(level: LongTerm) + + "Stability: Long-term" + minHumioVersion: SemanticVersion! @stability(level: LongTerm) + + "Stability: Long-term" + readme: Markdown @stability(level: LongTerm) + + "Stability: Long-term" + dashboardTemplates: [DashboardTemplate!]! @stability(level: LongTerm) + + "Stability: Long-term" + savedQueryTemplates: [SavedQueryTemplate!]! @stability(level: LongTerm) + + "Stability: Long-term" + parserTemplates: [ParserTemplate!]! @stability(level: LongTerm) + + "Stability: Long-term" + alertTemplates: [AlertTemplate!]! @stability(level: LongTerm) + + "Stability: Long-term" + filterAlertTemplates: [FilterAlertTemplate!]! @stability(level: LongTerm) + + "Stability: Long-term" + aggregateAlertTemplates: [AggregateAlertTemplate!]! @stability(level: LongTerm) + + "Stability: Long-term" + lookupFileTemplates: [LookupFileTemplate!]! @stability(level: LongTerm) + + "Stability: Long-term" + actionTemplates: [ActionTemplate!]! @stability(level: LongTerm) + + "Stability: Long-term" + scheduledSearchTemplates: [ScheduledSearchTemplate!]! @stability(level: LongTerm) + + "Stability: Long-term" + viewInteractionTemplates: [ViewInteractionTemplate!]! @stability(level: LongTerm) + + "Stability: Long-term" + type: PackageType! @stability(level: LongTerm) + + """ + The available versions of the package on the marketplace. + Stability: Long-term + """ + versionsOnMarketplace: [RegistryPackageVersionInfo!]! @stability(level: LongTerm) +} + +"The author of a package." +type PackageAuthor { + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + email: Email @stability(level: LongTerm) +} + +"A package installation." +type PackageInstallation { + "Stability: Long-term" + id: VersionedPackageSpecifier! @stability(level: LongTerm) + + "Stability: Long-term" + installedBy: UserAndTimestamp! @stability(level: LongTerm) + + "Stability: Long-term" + updatedBy: UserAndTimestamp! @stability(level: LongTerm) + + "Stability: Long-term" + source: PackageInstallationSourceType! @stability(level: LongTerm) + + """ + Finds updates on a package. It also looks for updates on packages that were installed manually, in case e.g. test versions of a package have been distributed prior to the full release. + Stability: Long-term + """ + availableUpdate: PackageVersion @stability(level: LongTerm) + + "Stability: Long-term" + package: Package2! @stability(level: LongTerm) +} + +enum PackageInstallationSourceType { + "Stability: Long-term" + HumioHub @stability(level: LongTerm) + + "Stability: Long-term" + ZipFile @stability(level: LongTerm) + + "Stability: Short-term" + LogScaleAssetResolutionService @stability(level: ShortTerm) +} + +scalar PackageName + +"Information about a package that matches a search in a package registry." +type PackageRegistrySearchResultItem { + "Stability: Long-term" + id: VersionedPackageSpecifier! @stability(level: LongTerm) + + "Stability: Long-term" + description: String @stability(level: LongTerm) + + "Stability: Long-term" + iconUrl: UrlOrData @stability(level: LongTerm) + + "Stability: Long-term" + type: PackageType! @stability(level: LongTerm) + + "Stability: Long-term" + installedVersion: VersionedPackageSpecifier @stability(level: LongTerm) + + """ + True if the current version of LogScale supports the latest version of this package. + Stability: Long-term + """ + isLatestVersionSupported: Boolean! @stability(level: LongTerm) + + """ + The version of LogScale required to run the latest version of this package. + Stability: Long-term + """ + minHumioVersionOfLatest: SemanticVersion! @stability(level: LongTerm) +} + +scalar PackageScope + +scalar PackageTag + +enum PackageType { + "Stability: Long-term" + application @stability(level: LongTerm) + + "Stability: Long-term" + library @stability(level: LongTerm) +} + +type PackageUpdateResult { + "Stability: Long-term" + package: Package2! @stability(level: LongTerm) +} + +scalar PackageVersion + +type PackagesResult { + """ + Packages associated with the Entity Type(s) provided. Returns a maximum of 1000 distinct packages + Stability: Short-term + """ + packages: [VersionedPackageSpecifier!]! @stability(level: ShortTerm) + + """ + The total number of distinct packages that exist + Stability: Short-term + """ + totalCount: Int! @stability(level: ShortTerm) +} + +type PageType { + "Stability: Long-term" + number: Int! @stability(level: LongTerm) + + "Stability: Long-term" + totalNumberOfRows: Int! @stability(level: LongTerm) + + "Stability: Long-term" + total: Int! @stability(level: LongTerm) +} + +"A PagerDuty action." +type PagerDutyAction implements Action { + """ + Severity level to give to the message. + Stability: Long-term + """ + severity: String! @stability(level: LongTerm) + + """ + Routing key to authenticate with PagerDuty. + Stability: Long-term + """ + routingKey: String! @stability(level: LongTerm) + + """ + Defines whether the action should use the configured HTTP proxy to send requests. + Stability: Long-term + """ + useProxy: Boolean! @stability(level: LongTerm) + + """ + The name of the action. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + The display name of the action. + Stability: Long-term + """ + displayName: String! @stability(level: LongTerm) + + """ + The id of the action. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + A template that can be used to recreate the action. + Stability: Long-term + """ + yamlTemplate: YAML! @stability(level: LongTerm) + + "Stability: Long-term" + packageId: VersionedPackageSpecifier @stability(level: LongTerm) + + """ + The package, if any, which the action is part of. + Stability: Long-term + """ + package: PackageInstallation @stability(level: LongTerm) + + """ + False if this type of action is disabled because of a security policy, true otherwise + Stability: Long-term + """ + isAllowedToRun: Boolean! @stability(level: LongTerm) + + """ + True if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. + Stability: Long-term + """ + requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! @stability(level: LongTerm) + + """ + Allowed asset actions + Stability: Short-term + """ + allowedActions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The resource identifier for this action. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + Metadata related to the creation of the action + Stability: Long-term + """ + createdInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Metadata related to the latest modification of the action + Stability: Long-term + """ + modifiedInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Labels to categorize the action. + Stability: Preview + """ + labels: [String!] @stability(level: Preview) +} + +input ParameterFilePropertiesInput { + fileName: String! + valueColumn: String! + labelColumn: String + valueFilters: [ParameterFileValueFilter!]! + invalidInputPatterns: [String!] + invalidInputMessage: String +} + +input ParameterFileValueFilter { + field: String! + values: [String!]! +} + +input ParameterFixedListOption { + label: String! + value: String! +} + +input ParameterFixedListPropertiesInput { + values: [ParameterFixedListOption!]! +} + +input ParameterFreeTextPropertiesInput { + invalidInputPatterns: [String!] + invalidInputMessage: String +} + +input ParameterInput { + id: String! + label: String! + defaultValue: String + order: Int + width: Int + freeTextOptions: ParameterFreeTextPropertiesInput + queryOptions: ParameterQueryPropertiesInput + fixedListOptions: ParameterFixedListPropertiesInput + fileOptions: ParameterFilePropertiesInput + + "Stability: Preview" + isMultiParam: Boolean @stability(level: Preview) + + "Stability: Preview" + defaultMultiValues: [String!] @stability(level: Preview) +} + +"A widget that contains dashboard parameters." +type ParameterPanel implements Widget { + "Stability: Long-term" + parameterIds: [String!]! @stability(level: LongTerm) + + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + title: String! @stability(level: LongTerm) + + "Stability: Long-term" + description: String @stability(level: LongTerm) + + "Stability: Long-term" + x: Int! @stability(level: LongTerm) + + "Stability: Long-term" + y: Int! @stability(level: LongTerm) + + "Stability: Long-term" + width: Int! @stability(level: LongTerm) + + "Stability: Long-term" + height: Int! @stability(level: LongTerm) +} + +input ParameterQueryPropertiesInput { + queryString: String! + timeWindow: String! + optionValueField: String! + optionLabelField: String! + useDashboardTimeIfSet: Boolean! + invalidInputPatterns: [String!] + invalidInputMessage: String +} + +"The specification of a parameter" +input ParameterSpecificationInput { + "The name of the parameter" + name: String! + + "The type of the parameter" + parameterType: ParameterTypeEnum! + + "Restricts the smallest allowed value for parameters of type Long" + minLong: Long + + "Restricts the largest allowed value for parameters of type Long" + maxLong: Long + + " Restricts the smallest allowed value for parameters of type Double" + minDouble: Float + + "Restricts the largest allowed value for parameters of type Double" + maxDouble: Float + + "Restricts the minimum number of allowed elements for parameters of type Array" + minLength: Int + + "Defines a default value of the parameter" + defaultValue: [String!] +} + +"The specification of a parameter" +type ParameterSpecificationOutput { + """ + The name of the parameter + Stability: Preview + """ + name: String! @stability(level: Preview) + + """ + The type of the parameter + Stability: Preview + """ + parameterType: ParameterTypeEnum! @stability(level: Preview) + + """ + Restricts the smallest allowed value for parameters of type Long + Stability: Preview + """ + minLong: Long @stability(level: Preview) + + """ + Restricts the largest allowed value for parameters of type Long + Stability: Preview + """ + maxLong: Long @stability(level: Preview) + + """ + Restricts the smallest allowed value for parameters of type Double + Stability: Preview + """ + minDouble: Float @stability(level: Preview) + + """ + Restricts the largest allowed value for parameters of type Double + Stability: Preview + """ + maxDouble: Float @stability(level: Preview) + + """ + Restricts the minimum number of allowed elements for parameters of type Array + Stability: Preview + """ + minLength: Int @stability(level: Preview) + + """ + Defines a default value of the parameter + Stability: Preview + """ + defaultValue: [String!] @stability(level: Preview) +} + +"The parameter types" +enum ParameterTypeEnum { + Field + String + Long + Double + ArrayField + ArrayString + ArrayLong + ArrayDouble +} + +"Parameter value configuration." +type ParameterValue { + """ + Id of the parameter. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + Value of the parameter. + Stability: Long-term + """ + value: String! @stability(level: LongTerm) +} + +"An organization search result set" +type ParentOrganizationsResultSet { + """ + The total number of matching results + Stability: Preview + """ + totalResults: Int! @stability(level: Preview) + + """ + The paginated result set + Stability: Preview + """ + results: [Organization!]! @stability(level: Preview) +} + +"A configured parser for incoming data." +type Parser { + """ + The id of the parser. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + Name of the parser. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + The full name of the parser including package information if part of an application. + Stability: Long-term + """ + displayName: String! @stability(level: LongTerm) + + """ + The description of the parser. + Stability: Long-term + """ + description: String @stability(level: LongTerm) + + """ + True if the parser is one of LogScale's built-in parsers. + Stability: Long-term + """ + isBuiltIn: Boolean! @stability(level: LongTerm) + + """ + True if the parser is one of LogScale's built-in parsers, and it is overridden by a custom parser. + Stability: Preview + """ + isOverridden: Boolean! @stability(level: Preview) + + """ + True if the parser is overrides one of LogScale's built-in parsers. + Stability: Preview + """ + overridesBuiltInParser: Boolean! @stability(level: Preview) + + """ + The parser script that is executed for every incoming event. + Stability: Long-term + """ + script: String! @stability(level: LongTerm) + + "Stability: Long-term" + languageVersion: LanguageVersion! @stability(level: LongTerm) + + """ + Fields that are used as tags. + Stability: Long-term + """ + fieldsToTag: [String!]! @stability(level: LongTerm) + + """ + A list of fields that will be removed from the event before it's parsed. These fields will not be included when calculating usage. + Stability: Long-term + """ + fieldsToBeRemovedBeforeParsing: [String!]! @stability(level: LongTerm) + + """ + A template that can be used to recreate the parser. + Stability: Long-term + """ + yamlTemplate: YAML! @stability(level: LongTerm) + + """ + Test cases that can be used to help verify that the parser works as expected. + Stability: Long-term + """ + testCases: [ParserTestCase!]! @stability(level: LongTerm) + + "Stability: Long-term" + packageId: VersionedPackageSpecifier @stability(level: LongTerm) + + "Stability: Long-term" + package: PackageInstallation @stability(level: LongTerm) + + """ + The origin of a parser. Can either be "Built in", "Local" or a package. + Stability: Preview + """ + originDisplayString: String! @stability(level: Preview) + + """ + Metadata related to the creation of the parser + Stability: Long-term + """ + createdInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Metadata related to the latest modification of the parser + Stability: Long-term + """ + modifiedInfo: AssetCommitMetadata @stability(level: LongTerm) +} + +"A parser" +type ParserEntry { + "Stability: Long-term" + parser: Parser! @stability(level: LongTerm) + + "Stability: Preview" + view: SearchDomain! @stability(level: Preview) +} + +type ParserTemplate { + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + displayName: String! @stability(level: LongTerm) + + "Stability: Long-term" + yamlTemplate: String! @stability(level: LongTerm) +} + +"A test case for a parser." +type ParserTestCase { + """ + The event to parse and test on. + Stability: Long-term + """ + event: ParserTestEvent! @stability(level: LongTerm) + + """ + Assertions on the shape of the test case output events. The list consists of key-value pairs to be treated as a map-construct, where the index of the output event is the key, and the assertions are the value. + Stability: Long-term + """ + outputAssertions: [ParserTestCaseAssertionsForOutput!]! @stability(level: LongTerm) +} + +"Assertions on the shape of the given output event. It is a key-value pair, where the index of the output event is the key, and the assertions are the value." +type ParserTestCaseAssertionsForOutput { + """ + The index of the output event which the assertions should apply to. + Stability: Long-term + """ + outputEventIndex: Int! @stability(level: LongTerm) + + """ + Assertions on the shape of a given test case output event. + Stability: Long-term + """ + assertions: ParserTestCaseOutputAssertions! @stability(level: LongTerm) +} + +"Assertions on the shape of a given test case output event. It is a key-pair value, where the index of the output event is the key, and the assertions are the value." +input ParserTestCaseAssertionsForOutputInput { + "The index of the output event which the assertions should apply to." + outputEventIndex: Int! + + "Assertions on the shape of a given test case output event." + assertions: ParserTestCaseOutputAssertionsInput! +} + +"Contains any test failures that relates to a specific output event. This is a key-value pair, where the index of the output event is the key, and the failures are the value." +type ParserTestCaseFailuresForOutput { + """ + The index of the output event which these failures pertain to. Note that there may be failures pointing to non-existing output events, if e.g. an assertion was made on an output event which was not produced. + Stability: Long-term + """ + outputEventIndex: Int! @stability(level: LongTerm) + + """ + Failures for the output event. + Stability: Long-term + """ + failures: ParserTestCaseOutputFailures! @stability(level: LongTerm) +} + +"A test case for a parser." +input ParserTestCaseInput { + "The event to parse and test on." + event: ParserTestEventInput! + + "Assertions on the shape of the test case output events. The list consists of key-value pairs to be treated as a map-construct, where the index of the output event is the key, and the assertions are the value." + outputAssertions: [ParserTestCaseAssertionsForOutputInput!] = [] +} + +"Assertions on the shape of a given test case output event." +type ParserTestCaseOutputAssertions { + """ + Names of fields which should not be present on the output event. + Stability: Long-term + """ + fieldsNotPresent: [String!]! @stability(level: LongTerm) + + """ + Names of fields and their expected value on the output event. These are key-value pairs, and should be treated as a map-construct. + Stability: Long-term + """ + fieldsHaveValues: [FieldHasValue!]! @stability(level: LongTerm) +} + +"Assertions on the shape of a given test case output event." +input ParserTestCaseOutputAssertionsInput { + "Names of fields which should not be present on the output event." + fieldsNotPresent: [String!] = [] + + "Names of fields and their expected value on the output event. These are key-value pairs, and should be treated as a map-construct." + fieldsHaveValues: [FieldHasValueInput!] = [] +} + +"Failures for an output event." +type ParserTestCaseOutputFailures { + """ + Any errors produced by the parser when creating an output event. + Stability: Long-term + """ + parsingErrors: [String!]! @stability(level: LongTerm) + + """ + Any assertion failures on the given output event. Note that all assertion failures can be uniquely identified by the output event index and the field name they operate on. + Stability: Long-term + """ + assertionFailuresOnFields: [AssertionFailureOnField!]! @stability(level: LongTerm) + + """ + Fields where the name begins with `#` even though they are not a tag. In LogScale, field names beginning with `#` are treated specially, and should only be constructed through the tagging mechanism. Fields which do begin with `#`, but are not proper tags, will be effectively unsearchable. + Stability: Short-term + """ + falselyTaggedFields: [String!]! @stability(level: ShortTerm) + + """ + Any arrays with gaps in them. That is, if the fields `a[0]` and `a[2]` exist on an event, but not `a[1]`, we consider the array `a` to have a gap. This means LogScale will not include the `a[2]` field when doing array-based searches, since it considers `a[0]` to be the last element of the array. + Stability: Short-term + """ + arraysWithGaps: [ArrayWithGap!]! @stability(level: ShortTerm) + + """ + Returns violations of a schema, given that a schema has been provided in the request. + Stability: Short-term + """ + schemaViolations: [SchemaViolation!]! @stability(level: ShortTerm) +} + +"The output for parsing and verifying a test case" +type ParserTestCaseResult { + """ + The events produced by the parser. Contains zero to many events, as a parser can both drop events, or produce multiple output events from a single input. + Stability: Long-term + """ + outputEvents: [OutputEvent!]! @stability(level: LongTerm) + + """ + Any failures produced during testing. If the list is empty, the test case can be considered to have passed. If the list contains elements, they are key-value pairs to be treated as a map-construct, where the index of the output event is the key, and the failures are the value. + Stability: Long-term + """ + outputFailures: [ParserTestCaseFailuresForOutput!]! @stability(level: LongTerm) +} + +"An event for a parser to parse during testing." +type ParserTestEvent { + """ + The contents of the `@rawstring` field when the event begins parsing. + Stability: Long-term + """ + rawString: String! @stability(level: LongTerm) +} + +"An event for a parser to parse during testing." +input ParserTestEventInput { + "The contents of the `@rawstring` field when the event begins parsing." + rawString: String! +} + +"A parser test result, where an unexpected error occurred during parsing." +type ParserTestRunAborted { + "Stability: Long-term" + errorMessage: String! @stability(level: LongTerm) +} + +"A parser test result, where all test cases were parsed and assertions run. Each result is given in the same order as the test cases were put in, so they can be matched by index." +type ParserTestRunCompleted { + """ + The results for running each test case. + Stability: Long-term + """ + results: [ParserTestCaseResult!]! @stability(level: LongTerm) +} + +"Input for testing a parser" +input ParserTestRunInput { + "The name of the repository the parser is located in. This is part of the test output in the `#repo` field in each parsed event." + repositoryName: RepoOrViewName! + + "The name of the parser. This is part of the test output in the `#type` field in each parsed event." + parserName: String! + + "The id of the package the parser is part of. This is used to properly resolve dependencies when testing the parser" + packageId: UnversionedPackageSpecifier + + "The parser script that is executed for every incoming event." + script: String! + + "Fields that are used as tags." + fieldsToTag: [String!]! + + "A list of fields that will be removed from the event before it's parsed. These fields will not be included when calculating usage." + fieldsToBeRemovedBeforeParsing: [String!]! + + "The test cases to run the parsing script against." + testCases: [ParserTestCaseInput!]! + + "A specific language version." + languageVersion: LanguageVersionInputType = {name: "legacy"} + + "YAML specification of schema to validate parser output against" + schema: YAML + + "Name of the used schema" + schemaName: Schema +} + +"The output of running all the parser test cases." +union ParserTestRunOutput = ParserTestRunCompleted | ParserTestRunAborted + +"A pending user. I.e. a user that was invited to join an organization." +type PendingUser { + """ + The id or token for the pending user + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + Whether IDP is enabled for the organization + Stability: Long-term + """ + idp: Boolean! @stability(level: LongTerm) + + """ + The time the pending user was created + Stability: Long-term + """ + createdAt: Long! @stability(level: LongTerm) + + """ + The email of the user that invited the pending user + Stability: Long-term + """ + invitedByEmail: String! @stability(level: LongTerm) + + """ + The name of the user that invited the pending user + Stability: Long-term + """ + invitedByName: String! @stability(level: LongTerm) + + """ + The name of the organization the pending user is about to join + Stability: Long-term + """ + orgName: String! @stability(level: LongTerm) + + """ + The email of the pending user + Stability: Long-term + """ + newUserEmail: String! @stability(level: LongTerm) + + """ + The current organization state for the user, if any. + Stability: Long-term + """ + pendingUserState: PendingUserState! @stability(level: LongTerm) +} + +"The current organization state for the user." +enum PendingUserState { + NoOrganization + SingleUserOrganization + MultiUserOrganizationOnlyOwnerConflict + MultiUserOrganizationNoConflict + UserExistsNoOrganization + UserExistsDeletedOrganization +} + +"Permissions on a view" +enum Permission { + ChangeUserAccess + + "Permission to administer alerts and scheduled searches" + ChangeTriggers + CreateTriggers + UpdateTriggers + DeleteTriggers + + "Permission to administer actions" + ChangeActions + CreateActions + UpdateActions + DeleteActions + ChangeDashboards + CreateDashboards + UpdateDashboards + DeleteDashboards + ChangeDashboardReadonlyToken + ChangeFiles + CreateFiles + UpdateFiles + DeleteFiles + ChangeInteractions + ChangeParsers + ChangeSavedQueries + CreateSavedQueries + UpdateSavedQueries + DeleteSavedQueries + ConnectView + ChangeArchivingSettings + ChangeDataDeletionPermissions + ChangeRetention + ChangeDefaultSearchSettings + ChangeS3ArchivingSettings + DeleteDataSources + DeleteRepositoryOrView + DeleteEvents + ReadAccess + ChangeIngestTokens + ChangePackages + ChangeViewOrRepositoryDescription + ChangeConnections + + "Permission to administer event forwarding rules" + EventForwarding + QueryDashboard + ChangeViewOrRepositoryPermissions + ChangeFdrFeeds + OrganizationOwnedQueries + ReadExternalFunctions + ChangeIngestFeeds + ChangeScheduledReports + CreateScheduledReports + UpdateScheduledReports + DeleteScheduledReports +} + +input PermissionAssignmentInputType { + "The user or group to assign permissions to" + actor: ActorInput! + + """ + Path of the resource for which the permissions are assigned. Can be either a search domain or a specific asset in a search domain. Examples: + - A search domain with ID "123": "searchdomain/123" + - A dashboard with ID "321" in a search domain with ID "123": "searchdomain/123/dashboard/321" + """ + resource: String! + + "The set of permissions the given actor will gain for the resource" + permissionSet: PermissionSetInput! + + "The query prefix. This field is only valid for view role assignments for groups." + queryPrefix: String +} + +input PermissionSetInput { + permissionSetType: PermissionSetType! + + """ + Represents a set of permissions. Format depends on the value of "permissionSetType": + - Direct: Values is a list of permissions. + - RoleId: Values is a list of role IDs. + - ReadonlyDefaultRole: Values is a list of role names each matching one of the LogScale predefined roles. + """ + values: [String!]! +} + +"The different ways to specify a set of permissions." +enum PermissionSetType { + "Permission set is expressed directly as a list of permissions" + Direct + + "Permission set is expressed as a list of role Ids" + RoleId + + "Permission set is expressed as a list of role names each matching one of values defined in the ReadonlyDefaultRole enum." + ReadonlyDefaultRole +} + +"The type of permission" +enum PermissionType { + AssetPermission + ViewPermission + OrganizationPermission + OrganizationManagementPermission + SystemPermission +} + +"Personal token for a user. The token will inherit the same permissions as the user." +type PersonalUserToken implements Token { + """ + The id of the token. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + The name of the token. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + The time at which the token expires. + Stability: Long-term + """ + expireAt: Long @stability(level: LongTerm) + + """ + The ip filter on the token. + Stability: Long-term + """ + ipFilter: String @stability(level: LongTerm) + + """ + The ip filter on the token. + Stability: Long-term + """ + ipFilterV2: IPFilter @stability(level: LongTerm) + + """ + The date the token was created. + Stability: Long-term + """ + createdAt: Long! @stability(level: LongTerm) +} + +enum Purposes { + DevOps + IOT + ITOps + MSP + SecOps +} + +type Query { + """ + All actions, labels and packages used in alerts. + Stability: Preview + """ + alertFieldValues( + "Arguments for alert field values query." + input: AlertFieldValuesInput!): AlertFieldValues! @stability(level: Preview) + + """ + Analyze a query for certain properties. + Stability: Short-term + """ + analyzeQuery(input: AnalyzeQueryArguments!): AnalyzeQueryInfo! @stability(level: ShortTerm) + + """ + Returns information about the IP ASN database used by the LogScale instance. + Stability: Long-term + """ + asnDatabaseInfo: IpDatabaseInfo! @stability(level: LongTerm) + + """ + This fetches the list of blocked query patterns. + Stability: Long-term + """ + blockedQueries( + "Whether to return all blocked queries within the cluster. Requires the ManageCluster permission." + clusterWide: Boolean = false, + + "Whether to include blocked queries for organizations that have been deleted." + includeBlockedQueriesForDeletedOrganizations: Boolean = false): [BlockedQuery!]! @stability(level: LongTerm) + + """ + This is used to check if a given domain is valid. + Stability: Short-term + """ + checkDomain(domain: String!): Boolean! @stability(level: ShortTerm) + + """ + Validate a local cluster connection. + Stability: Short-term + """ + checkLocalClusterConnection( + "Data for checking a local cluster connection" + input: CheckLocalClusterConnectionInput!): LocalClusterConnectionStatus! @stability(level: ShortTerm) + + """ + Validate a remote cluster connection. + Stability: Short-term + """ + checkRemoteClusterConnection( + "Data for checking a remote cluster connection" + input: CheckRemoteClusterConnectionInput!): RemoteClusterConnectionStatus! @stability(level: ShortTerm) + + """ + Get linked child organizations + Stability: Preview + """ + childOrganizations(search: String, skip: Int! = 0, limit: Int! = 50, + + "Choose the order in which the results are returned." + orderBy: OrderBy = ASC, sortBy: OrganizationsLinks__SortBy = Name): ChildOrganizationsResultSet! @stability(level: Preview) + + """ + This is used to retrieve information about a cluster. + Stability: Long-term + """ + cluster: Cluster! @stability(level: LongTerm) + + """ + Return the cluster management settings for this LogScale cluster. + Stability: Short-term + """ + clusterManagementSettings: ClusterManagementSettings @stability(level: ShortTerm) + + """ + Concatenate multiple valid queries into a combined query. + Stability: Short-term + """ + concatenateQueries(input: ConcatenateQueriesArguments!): QueryConcatenationInfo! @stability(level: ShortTerm) + + """ + This returns the current authenticated user. + Stability: Long-term + """ + currentUser: User! @stability(level: LongTerm) + + """ + This is used to retrieve a dashboard. + Stability: Long-term + """ + dashboardsPage(search: String, pageNumber: Int!, pageSize: Int!): DashboardPage! @stability(level: LongTerm) + + """ + For internal debugging + Stability: Preview + """ + debugCache(searchKeys: [String!]!): String! @stability(level: Preview) + + "Stability: Long-term" + defaultFleetInstallationToken: FleetInstallationToken @stability(level: LongTerm) + + """ + This returns the current value for the dynamic configuration. + Stability: Short-term + """ + dynamicConfig(dynamicConfig: DynamicConfig!): String! @stability(level: ShortTerm) + + """ + Returns all dynamic configurations. Requires root access. + Stability: Short-term + """ + dynamicConfigs: [DynamicConfigKeyValueType!]! @stability(level: ShortTerm) + + """ + Labels associated with specified assets available to the requester. Returns a maximum limit of 1000 distinct labels + Stability: Short-term + """ + entitiesLabels( + "input parameter for fetching labels" + input: EntitiesLabelsInputType!): LabelsResult! @stability(level: ShortTerm) + + """ + Packages associated with specified assets available to the requester + Stability: Short-term + """ + entitiesPackages( + "Input parameter for fetching packages" + input: EntitiesPackagesInputType!): PackagesResult! @stability(level: ShortTerm) + + """ + Get next and previous pages when querying assets across LogScale views and repositories. Requires the cursor from the entitiesSearch or entitiesPage response as well as a direction + Stability: Short-term + """ + entitiesPage( + "input parameters for the page" + input: EntitiesPageInputType!): SearchResult! @stability(level: ShortTerm) + + """ + Query assets across LogScale views and repositories. Will only return the first page. The response includes a cursor that can be sent to entitiesPage to get next pages with the same parameters + Stability: Short-term + """ + entitiesSearch( + "input parameters for the search" + input: EntitySearchInputType!): SearchResult! @stability(level: ShortTerm) + + """ + Get usage information around non-secret environment variables + Stability: Short-term + """ + environmentVariableUsage: [EnvironmentVariableUsage!]! @stability(level: ShortTerm) + + """ + This will list all of the event forwarders associated with an organization. + Stability: Long-term + """ + eventForwarders: [EventForwarder!]! @stability(level: LongTerm) + + """ + This is used to determine if a given user has exceeded their query quota. + Stability: Short-term + """ + exceededQueryQuotas( + "Username of the user for which to retrieve exceeded Query Quotas" + username: String!): [QueryQuotaExceeded!]! @stability(level: ShortTerm) + + """ + List feature flags depending on filters and context + Stability: Preview + """ + featureFlags( + "Include experimental features. Enabling experimental features are strongly discouraged and can lead to LogScale ending up in a bad state beyond repair." + includeExperimentalFeatures: Boolean, + + "Filter defining for which scope feature flags should be returned" + enabledInScopeFilter: EnabledInScope): [FeatureFlagV2!]! @stability(level: Preview) + + """ + This can fetch the OIDC metadata from the discovery (.well-known/openid-configuration) endpoint provided. + Stability: Long-term + """ + fetchOIDCMetadataFromDiscoveryEndpoint( + "The .well-known OIDC endpoint." + discoveryEndpoint: String!): WellKnownEndpointDetails! @stability(level: LongTerm) + + """ + This will fetch the SAML metadata from the discovery endpoint provided. + Stability: Long-term + """ + fetchSamlMetadataFromDiscoveryEndpoint( + "The SAML metadata endpoint." + discoveryEndpoint: String!): SamlMetadata! @stability(level: LongTerm) + + """ + Retrieve the active schema and its field aliases on the given view. + Stability: Long-term + """ + fieldAliasSchemaOnView(repoOrViewName: String!): FieldAliasSchema @stability(level: LongTerm) + + """ + Retrieve all schemas for field aliases. + Stability: Long-term + """ + fieldAliasSchemas: FieldAliasSchemasInfo! @stability(level: LongTerm) + + """ + This will find information on the identity provider. + Stability: Long-term + """ + findIdentityProvider(email: String!): IdentityProviderAuth! @stability(level: LongTerm) + + "Stability: Long-term" + fleetInstallationToken(id: String!): FleetInstallationToken @stability(level: LongTerm) + + "Stability: Short-term" + fleetInstallationTokens: [FleetInstallationToken!]! @stability(level: ShortTerm) + + """ + Return the Java Flight Recorder settings for the specified vhost. + Stability: Preview + """ + flightRecorderSettings( + "The vhost to fetch settings for." + vhost: Int!): FlightRecorderSettings @stability(level: Preview) + + """ + Generate an unsaved aggregate alert from a package alert template. + Stability: Long-term + """ + generateAggregateAlertFromPackageTemplate( + "Data for generating an unsaved aggregate alert object from a library package template" + input: GenerateAggregateAlertFromPackageTemplateInput!): UnsavedAggregateAlert! @stability(level: LongTerm) + + """ + Generate an unsaved aggregate alert from a yaml template. + Stability: Long-term + """ + generateAggregateAlertFromTemplate( + "Data for generating an unsaved aggregate alert object from a yaml template" + input: GenerateAggregateAlertFromTemplateInput!): UnsavedAggregateAlert! @stability(level: LongTerm) + + """ + Generate an unsaved alert from a package alert template. + Stability: Long-term + """ + generateAlertFromPackageTemplate( + "Data for generating an unsaved alert object from a library package template" + input: GenerateAlertFromPackageTemplateInput!): UnsavedAlert! @stability(level: LongTerm) + + """ + Generate an unsaved alert from a yaml template. + Stability: Long-term + """ + generateAlertFromTemplate( + "Data for generating an unsaved alert object from a yaml template" + input: GenerateAlertFromTemplateInput!): UnsavedAlert! @stability(level: LongTerm) + + """ + Generate an unsaved filter alert from a package alert template. + Stability: Long-term + """ + generateFilterAlertFromPackageTemplate( + "Data for generating an unsaved filter alert object from a library package template" + input: GenerateFilterAlertFromPackageTemplateInput!): UnsavedFilterAlert! @stability(level: LongTerm) + + """ + Generate an unsaved filter alert from a yaml template. + Stability: Long-term + """ + generateFilterAlertFromTemplate( + "Data for generating an unsaved filter alert object from a yaml template" + input: GenerateFilterAlertFromTemplateInput!): UnsavedFilterAlert! @stability(level: LongTerm) + + """ + Generate an unsaved parser from a YAML template. + Stability: Long-term + """ + generateParserFromTemplate( + "Data for generating an unsaved parser object from a YAML template" + input: GenerateParserFromTemplateInput!): UnsavedParser! @stability(level: LongTerm) + + """ + Generate an unsaved scheduled search from a package scheduled search template. + Stability: Long-term + """ + generateScheduledSearchFromPackageTemplate( + "Data for generating an unsaved scheduled search object from a library package template." + input: GenerateScheduledSearchFromPackageTemplateInput!): UnsavedScheduledSearch! @stability(level: LongTerm) + + """ + Generate an unsaved scheduled search from a yaml template. + Stability: Long-term + """ + generateScheduledSearchFromTemplate( + "Data for generating an unsaved scheduled search object from a yaml templat." + input: GenerateScheduledSearchFromTemplateInput!): UnsavedScheduledSearch! @stability(level: LongTerm) + + """ + Look up an external function specification. + Stability: Preview + """ + getExternalFunction(input: GetExternalFunctionInput!): ExternalFunctionSpecificationOutput @stability(level: Preview) + + """ + This is used to get content of a file. + Stability: Long-term + """ + getFileContent(name: String!, fileName: String!, offset: Int, limit: Int, filterString: String): UploadedFileSnapshot! @stability(level: LongTerm) + + """ + Get url endpoint for fleet management + Stability: Short-term + """ + getFleetManagementUrl: String! @stability(level: ShortTerm) + + "Stability: Short-term" + getLogCollectorDebugLogging: LogCollectorDebugLogging @stability(level: ShortTerm) + + "Stability: Short-term" + getLogCollectorDetails(machineId: String, id: String, isLive: Boolean = true): LogCollectorDetails @stability(level: ShortTerm) + + "Stability: Short-term" + getLogCollectorInstanceDebugLogging(id: String!): LogCollectorDebugLogging @stability(level: ShortTerm) + + "Stability: Short-term" + getLostCollectorDays: Int! @stability(level: ShortTerm) + + """ + Look up a remote table configuration. + Stability: Preview + """ + getRemoteTableConfig(input: GetRemoteTableConfigInput!): RemoteTableConfig! @stability(level: Preview) + + """ + Get all remote table configuration in the organization. + Stability: Preview + """ + getRemoteTableConfigsInOrganization: [RemoteTableConfig!]! @stability(level: Preview) + + """ + Get all accessible remote table configurations in a view. + Stability: Preview + """ + getRemoteTableConfigsInView(input: GetRemoteTableConfigsInViewInput!): [RemoteTableConfig!]! @stability(level: Preview) + + """ + Returns whether a transfer is on going for this organization + Stability: Long-term + """ + getStatusOrganizationForBucketTransfer: Boolean! @stability(level: LongTerm) + + """ + Used to get information on a specified group. + Stability: Long-term + """ + group(groupId: String!): Group! @stability(level: LongTerm) + + """ + Used to get information on groups by a given display name. + Stability: Long-term + """ + groupByDisplayName(displayName: String!): Group! @stability(level: LongTerm) + + """ + Search groups and users with permissions on the asset. + Stability: Short-term + """ + groupsAndUsersWithPermissionsOnAsset( + "The name of the search domain where the asset belongs." + searchDomainName: String!, + + "The type of the asset." + assetType: AssetPermissionsAssetType!, + + "The ID of the asset. For files, use the name of the file." + assetId: String!, + + "Filter results based on this string" + searchFilter: String, + + "Indicates whether to include only users, only groups, or both." + groupsOrUsersFilters: [GroupsOrUsersFilter!], + + "The amount of results to return." + limit: Int = 50, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "Choose the order in which the results are returned." + orderBy: OrderBy = ASC, + + "If true the result will also include users and groups that currently doesn't have access to the asset" + includeEmptyPermissionSet: Boolean! = false): UserOrGroupAssetPermissionSearchResultSet! @stability(level: ShortTerm) + + """ + All defined groups in an organization. + Stability: Long-term + """ + groupsPage(search: String, pageNumber: Int!, pageSize: Int!, typeFilter: [PermissionType!]): GroupPage! @stability(level: LongTerm) + + """ + This will check whether an organization has an organization root. + Stability: Short-term + """ + hasOrgRoot(orgId: String!): Boolean! @stability(level: ShortTerm) + + """ + This is used to get information on a specific identity provider. + Stability: Long-term + """ + identityProvider(id: String!): IdentityProviderAuthentication! @stability(level: LongTerm) + + "Stability: Long-term" + identityProviders: [IdentityProviderAuthentication!]! @stability(level: LongTerm) + + """ + This returns information about the license for the LogScale instance, if any license installed. + Stability: Long-term + """ + installedLicense: License @stability(level: LongTerm) + + """ + Provides details for a specific package installed on a specific view. + Stability: Long-term + """ + installedPackage( + "The id of the package." + packageId: VersionedPackageSpecifier!, + + "The name of the view the package is installed in." + viewName: String!): PackageInstallation @stability(level: LongTerm) + + """ + Used to get information on the IOC database used by the LogScale instance. + Stability: Long-term + """ + iocDatabaseInfo: CrowdStrikeIocStatus! @stability(level: LongTerm) + + """ + This returns information about the IP location database used by the LogScale instance. + Stability: Long-term + """ + ipDatabaseInfo: IpDatabaseInfo! @stability(level: LongTerm) + + """ + Returns a list of IP filters. + Stability: Long-term + """ + ipFilters: [IPFilter!]! @stability(level: LongTerm) + + """ + This will return information about the Kafka cluster. + Stability: Short-term + """ + kafkaCluster: KafkaClusterDescription! @stability(level: ShortTerm) + + """ + Used to get language restrictions for language version. + Stability: Preview + """ + languageRestrictions(version: LanguageVersionEnum!): QueryLanguageRestriction! @stability(level: Preview) + + """ + Used to list all notifications currently set in the system. This requires root access. + Stability: Long-term + """ + listNotifications: [Notification!]! @stability(level: LongTerm) + + "Stability: Short-term" + logCollectorConfiguration(id: String!): LogCollectorConfiguration! @stability(level: ShortTerm) + + """ + List available Log Collector installers. + Stability: Long-term + """ + logCollectorInstallers: [LogCollectorInstaller!] @stability(level: LongTerm) + + "Stability: Short-term" + logCollectorMergedConfiguration(configIds: [String!]!): LogCollectorMergedConfiguration! @stability(level: ShortTerm) + + """ + List versions available through Remote Update for the LogScale Collector + Stability: Long-term + """ + logCollectorVersionsAvailable: [String!]! @stability(level: LongTerm) + + "Stability: Long-term" + loginBridgeRequest: LoginBridgeRequest! @stability(level: LongTerm) + + "Stability: Long-term" + marketplace: Marketplace! @stability(level: LongTerm) + + """ + This will return information about the LogScale instance + Stability: Short-term + """ + meta(url: String): HumioMetadata! @stability(level: ShortTerm) + + """ + Get the current state of the multi-mode migration + Stability: Preview + """ + multiModeMigrationState: String! @stability(level: Preview) + + """ + Returns a list of organizations that has non-default bucket-storage configuration + Stability: Short-term + """ + nonDefaultBucketConfigs: [OrgConfig!]! @stability(level: ShortTerm) + + "Stability: Long-term" + oidcIdentityProvider(id: String!): OidcIdentityProvider! @stability(level: LongTerm) + + """ + Get the current organization + Stability: Long-term + """ + organization: Organization! @stability(level: LongTerm) + + """ + Get linked parent organizations + Stability: Preview + """ + parentOrganizations(search: String, skip: Int! = 0, limit: Int! = 50, + + "Choose the order in which the results are returned." + orderBy: OrderBy = ASC, sortBy: OrganizationsLinks__SortBy = Name): ParentOrganizationsResultSet! @stability(level: Preview) + + """ + Get a pending user. + Stability: Long-term + """ + pendingUser(token: String!): PendingUser! @stability(level: LongTerm) + + """ + Get a pending user. + Stability: Long-term + """ + pendingUsers(search: String): [PendingUser!]! @stability(level: LongTerm) + + """ + Proxy query through a specific organization. Root operation. + Stability: Long-term + """ + proxyOrganization(organizationId: String!): Query! @stability(level: LongTerm) + + "Stability: Preview" + queryAnalysis(queryString: String!, languageVersion: LanguageVersionEnum!, isLive: Boolean!, viewName: String): queryAnalysis! @stability(level: Preview) + + """ + Return the query assistance for the given search, as well as the assistant version. + Stability: Preview + """ + queryAssistance( + "The search to assist with" + search: String!, + + "Enable to remap often used fields to their LogScale equivalents" + remapFields: Boolean! = false): QueryAssistantResult! @stability(level: Preview) + + "Stability: Short-term" + queryQuotaDefaultSettings: [QueryQuotaIntervalSetting!]! @stability(level: ShortTerm) + + "Stability: Short-term" + queryQuotaUsage( + "Username of the user for which to retrieve status of Query Quotas" + username: String!): [QueryQuotaUsage!]! @stability(level: ShortTerm) + + "Stability: Short-term" + queryQuotaUserSettings( + "If omitted, returns the Query Quota Settings for all users. If provided, returns the Query Quota Settings for that particular user." + username: String): [QueryQuotaUserSettings!]! @stability(level: ShortTerm) + + """ + Query search domains with organization filter + Stability: Long-term + """ + querySearchDomains( + "Filter results based on this string" + searchFilter: String, + + "Choose to filter based on type of search domain" + typeFilter: SearchDomainTypes!, sortBy: Searchdomain__SortBy!, + + "Choose the order in which the results are returned." + orderBy: OrderBy = ASC, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50, + + "Filter for deleted search domains. True will return deleted search domains and exclude regular search domains and requires that you have some permission that grants you access to delete search domains. False or nothing will return search domains that has not yet been deleted." + deleted: Boolean, includeHidden: Boolean, + + "Filter results by name of connected limit. Search domains without a limit will be excluded" + limitName: String): SearchDomainSearchResultSet! @stability(level: LongTerm) + + """ + Fetch the list of active event redaction jobs. + Stability: Long-term + """ + redactEvents( + "The name of the repository to fetch pending event redactions for." + repositoryName: String!): [DeleteEvents!]! @stability(level: LongTerm) + + "Stability: Long-term" + repositories( + "Include sandboxes for other users in the results set" + includeSandboxes: Boolean, includeHidden: Boolean): [Repository!]! @stability(level: LongTerm) + + """ + Lookup a given repository by name. + Stability: Long-term + """ + repository( + "The name of the repository" + name: String!, includeHidden: Boolean): Repository! @stability(level: LongTerm) + + """ + A given role. + Stability: Long-term + """ + role(roleId: String!): Role! @stability(level: LongTerm) + + """ + All defined roles. + Stability: Long-term + """ + roles: [Role!]! @stability(level: LongTerm) + + """ + All defined roles in org. + Stability: Long-term + """ + rolesInOrgForChangingUserAccess(searchDomainId: String!): [Role!]! @stability(level: LongTerm) + + """ + Searchable paginated roles + Stability: Long-term + """ + rolesPage(search: String, pageNumber: Int!, pageSize: Int!, typeFilter: [PermissionType!], includeHidden: Boolean): RolePage! @stability(level: LongTerm) + + """ + Returns running queries. + Stability: Long-term + """ + runningQueries( + "Search term that is used to filter running queries based on query input" + searchTerm: String, + + "Which field to use when sorting" + sortField: SortField, sortOrder: SortOrder, + + "Whether to return global results. Default=false. True requires system level access." + global: Boolean): RunningQueries! @stability(level: LongTerm) + + """ + Returns whether AWS Role is required when configuring S3 Archiving. + Stability: Short-term + """ + s3ArchivingRequiresRole: Boolean! @stability(level: ShortTerm) + + "Stability: Long-term" + samlIdentityProvider(id: String!): SamlIdentityProvider! @stability(level: LongTerm) + savedQuery(id: String!): SavedQuery! @deprecated(reason: "[DEPRECATED: No longer used internally and bad performance tied to the implementation. Use 'savedQuery on searchDomain' instead. Will be removed at the earliest in version 1.225]") + + """ + Get scheduled report information using a scheduled report access token. + Stability: Long-term + """ + scheduledReport: LimitedScheduledReport! @stability(level: LongTerm) + + "Stability: Long-term" + searchDomain(name: String!): SearchDomain! @stability(level: LongTerm) + + """ + Lists assets in the provided search domains. + Stability: Preview + """ + searchDomainAssets( + "The names of the search domains to search for assets in. If empty, includes assets from all search domains the requester has access to." + searchDomainNames: [String!]!, + + "The types of assets to include. If empty, all asset types are included." + assetTypes: [AssetPermissionsAssetType!], + + "Filter results based on this string" + searchFilter: String, + + "The amount of results to return." + limit: Int = 50, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "Choose the order in which the results are returned." + orderBy: OrderBy = ASC): SearchDomainAssetsResultSet! @stability(level: Preview) + + "Stability: Long-term" + searchDomains(includeHidden: Boolean): [SearchDomain!]! @stability(level: LongTerm) + + """ + Paged searchDomains. + Stability: Long-term + """ + searchDomainsPage(search: String, includeHidden: Boolean, pageNumber: Int!, pageSize: Int!): SearchDomainPage! @stability(level: LongTerm) + + """ + Get paginated search results. + Stability: Short-term + """ + searchFleet(isLiveFilter: Boolean = true, versionFilter: SearchFleetVersionFilter, osFilter: SearchFleetOsFilter, groupIdsFilter: [String!], changeFilter: Changes, groupFilter: GroupFilter, queryState: String, inactiveFilter: Boolean, statusFilter: SearchFleetStatusFilter, testConfigIdFilter: String, configIdFilter: String, + + "Filter results based on this string" + searchFilter: String, sortBy: Fleet__SortBy = Hostname, + + "Choose the order in which the results are returned." + orderBy: OrderBy = ASC, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50): SearchFleetUnion! @stability(level: ShortTerm) + + "Stability: Short-term" + searchFleetInstallationTokens( + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50, sortBy: FleetInstallationTokens__SortBy = Name, + + "Choose the order in which the results are returned." + orderBy: OrderBy = ASC): SearchFleetInstallationTokenResultSet! @stability(level: ShortTerm) + + """ + Search log collector configurations. + Stability: Short-term + """ + searchLogCollectorConfigurations( + "Filter results based on this string" + searchFilter: String, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50, sortBy: FleetConfiguration__SortBy = Name, + + "Choose the order in which the results are returned." + orderBy: OrderBy = ASC): SearchLogCollectorConfigurationResultSet! @stability(level: ShortTerm) + + """ + Search log collector configurations. + Stability: Short-term + """ + searchLogCollectorGroups( + "Filter results based on this string" + searchFilter: String, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50, sortBy: FleetGroups__SortBy = Name, + + "Choose the order in which the results are returned." + orderBy: OrderBy = ASC): SearchLogCollectorGroupsResultSet! @stability(level: ShortTerm) + + """ + Get paginated search results. (Root operation) + Stability: Short-term + """ + searchOrganizations( + "Filter results based on this string" + searchFilter: String, sortBy: Organizations__SortBy!, typeFilter: [Organizations__SearchEntryType!], subscriptionFilter: [Organizations__Subscription!], includeDeletedFilter: Boolean, + + "Choose the order in which the results are returned." + orderBy: OrderBy = ASC, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50): OrganizationSearchResultSet! @stability(level: ShortTerm) + + """ + Fetch information about a specific segment. This query is not a quick lookup and should be used only for troubleshooting or to help with data recovery. It requires ManageCluster permission + Stability: Preview + """ + segment( + "Id of the segment for which information must be retrieved." + id: String!): Segment @stability(level: Preview) + + """ + Check the status for a specific typed service. + Stability: Preview + """ + serviceStatus( + "The service type name of the service to get status for." + serviceType: String!): HealthStatus! @stability(level: Preview) + + """ + Metadata from all registered services + Stability: Preview + """ + servicesMetadata: [ServiceMetadata!]! @stability(level: Preview) + + """ + Paginated search results for tokens + Stability: Long-term + """ + sessions( + "Filter results based on this string" + searchFilter: String, level: Sessions__Filter_Level = Organization, sortBy: Sessions__SortBy = LastActivityTime, + + "Choose the order in which the results are returned." + orderBy: OrderBy = ASC, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50, onlyActiveSessions: Boolean = true): SessionQueryResultSet! @stability(level: LongTerm) + + """ + Gets a shared dashboard by it's shared link token. + Stability: Long-term + """ + sharedDashboards(token: String!): SharedDashboard! @stability(level: LongTerm) + + "Stability: Long-term" + starredDashboards: [Dashboard!]! @stability(level: LongTerm) + + """ + Get a specific token by ID + Stability: Long-term + """ + token(tokenId: String!): Token! @stability(level: LongTerm) + + """ + Token for fleet management. + Stability: Short-term + """ + tokenForFleetManagement: String! @stability(level: ShortTerm) + + """ + Paginated search results for tokens + Stability: Long-term + """ + tokens( + "Filter results based on this string" + searchFilter: String, typeFilter: [Tokens__Type!], parentEntityIdFilter: [String!], sortBy: Tokens__SortBy!, + + "Choose the order in which the results are returned." + orderBy: OrderBy = ASC, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50): TokenQueryResultSet! @stability(level: LongTerm) + + "Stability: Preview" + usage: UsageStats! @stability(level: Preview) + + """ + A user in the system. + Stability: Long-term + """ + user(id: String!): User @stability(level: LongTerm) + + """ + Requires manage cluster permission; Returns all users in the system. + Stability: Long-term + """ + users(orderBy: OrderByUserFieldInput, search: String): [User!]! @stability(level: LongTerm) + + "\nStability: Long-term" + usersAndGroupsForChangingUserAccess(search: String, searchDomainId: String!, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50): UsersAndGroupsSearchResultSet! @stability(level: LongTerm) + + """ + Requires either root access, org owner access or permission to manage users in at least one repository or view. Returns a page of all users in an organization. + Stability: Long-term + """ + usersPage(orderBy: OrderByUserFieldInput, search: String, pageNumber: Int!, pageSize: Int!): UsersPage! @stability(level: LongTerm) + + """ + Return users without organizations + Stability: Short-term + """ + usersWithoutOrganizations: [User!]! @stability(level: ShortTerm) + + """ + Validate the Access Token + Stability: Short-term + """ + validateAccessToken(accessToken: String!): String! @stability(level: ShortTerm) + + """ + Validate the Access Token + Stability: Long-term + """ + validateAccessTokenV2(accessToken: String!): AccessTokenValidatorResultType! @stability(level: LongTerm) + + """ + Check that a query compiles. + Stability: Preview + """ + validateQuery(queryString: String!, version: LanguageVersionEnum!, isLive: Boolean, arguments: [QueryArgument!]): QueryValidationResult! @stability(level: Preview) + + """ + Validate the JWT Token + Stability: Long-term + """ + validateToken(jwtToken: String!): Boolean! @stability(level: LongTerm) + + """ + The currently authenticated user's account. + Stability: Long-term + """ + viewer: Account! @stability(level: LongTerm) + + """ + The currently authenticated user's account if any. + Stability: Long-term + """ + viewerOpt: Account @stability(level: LongTerm) + + """ + Get the list of keys being used to select queries for tracing on workers. + Stability: Preview + """ + workerQueryTracingState: WorkerQueryTracingState! @stability(level: Preview) +} + +type QueryAnalysisResult { + """ + If correlate is used, this will hold usage information. + Stability: Preview + """ + correlateUsageInfo: CorrelateUsageInfo @stability(level: Preview) +} + +"An argument to a query" +input QueryArgument { + name: String! + value: String! +} + +"An argument for a query." +input QueryArgumentInputType { + "The name of the argument." + name: String! + + "The value of the argument." + value: String! +} + +"Either a successful assistance result, or an error" +union QueryAssistantAssistance = QueryAssistantSuccess | QueryAssistantError + +type QueryAssistantDiagnostic { + "Stability: Preview" + message: QueryAssistantDiagnosticMessage! @stability(level: Preview) + + "Stability: Preview" + position: QueryAssistantDiagnosticPosition @stability(level: Preview) + + "Stability: Preview" + severity: QueryAssistantDiagnosticSeverity! @stability(level: Preview) +} + +type QueryAssistantDiagnosticMessage { + "Stability: Preview" + what: String! @stability(level: Preview) + + "Stability: Preview" + terse: String! @stability(level: Preview) + + "Stability: Preview" + code: String! @stability(level: Preview) +} + +type QueryAssistantDiagnosticPosition { + "Stability: Preview" + column: Int! @stability(level: Preview) + + "Stability: Preview" + line: Int! @stability(level: Preview) + + "Stability: Preview" + beginOffset: Int! @stability(level: Preview) + + "Stability: Preview" + endOffset: Int! @stability(level: Preview) + + "Stability: Preview" + longString: String! @stability(level: Preview) +} + +enum QueryAssistantDiagnosticSeverity { + Hint + Information + Warning + Error +} + +type QueryAssistantError { + "Stability: Preview" + error: String! @stability(level: Preview) +} + +"An assistance result and a version of the query assistant" +type QueryAssistantResult { + """ + The assistant version. + Stability: Preview + """ + version: String! @stability(level: Preview) + + """ + The query assistance for the given search. + Stability: Preview + """ + assistance: QueryAssistantAssistance! @stability(level: Preview) +} + +type QueryAssistantSuccess { + "Stability: Preview" + result: String! @stability(level: Preview) + + "Stability: Preview" + diagnostics: [QueryAssistantDiagnostic!]! @stability(level: Preview) +} + +"A dashboard parameter where suggestions are sourced from query results from LogScale." +type QueryBasedDashboardParameter implements DashboardParameter { + """ + The LogScale query executed to find suggestions for the parameter value. + Stability: Long-term + """ + queryString: String! @stability(level: LongTerm) + + """ + The time window (relative to now) in which LogScale will search for suggestions. E.g. 24h or 30d. + Stability: Long-term + """ + timeWindow: String! @stability(level: LongTerm) + + """ + The field in the result set used as the 'value' of the suggestions. + Stability: Long-term + """ + optionValueField: String! @stability(level: LongTerm) + + """ + The field in the result set used as the 'label' (the text in the dropdown) of the suggestions. + Stability: Long-term + """ + optionLabelField: String! @stability(level: LongTerm) + + """ + If true, the parameters search time window will automatically change to match the dashboard's global time when active. + Stability: Long-term + """ + useDashboardTimeIfSet: Boolean! @stability(level: LongTerm) + + """ + Regex patterns used to block parameter input. + Stability: Long-term + """ + invalidInputPatterns: [String!] @stability(level: LongTerm) + + """ + Message when parameter input is blocked. + Stability: Long-term + """ + invalidInputMessage: String @stability(level: LongTerm) + + """ + The ID of the parameter. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + The label or 'name' displayed next to the input for the variable to make it more human-readable. + Stability: Long-term + """ + label: String! @stability(level: LongTerm) + + """ + The value assigned to the parameter on dashboard load, if no other value is specified. + Stability: Long-term + """ + defaultValueV2: String @stability(level: LongTerm) + + """ + A number that determines the order in which parameters are displayed on a dashboard. If null, the parameter is ordered after other parameters in alphanumerical order. + Stability: Long-term + """ + order: Int @stability(level: LongTerm) + + """ + A number that determines the width of a parameter. + Stability: Long-term + """ + width: Int @stability(level: LongTerm) +} + +"A widget with a visualization of a query result." +type QueryBasedWidget implements Widget { + "Stability: Long-term" + queryString: String! @stability(level: LongTerm) + + "Stability: Long-term" + start: String! @stability(level: LongTerm) + + "Stability: Long-term" + end: String! @stability(level: LongTerm) + + "Stability: Long-term" + isLive: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + widgetType: String! @stability(level: LongTerm) + + """ + An optional JSON value containing styling and other settings for the widget. This is solely used by the UI. + Stability: Long-term + """ + options: JSON @stability(level: LongTerm) + + "Stability: Long-term" + interactions: [QueryBasedWidgetInteraction!]! @stability(level: LongTerm) + + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + title: String! @stability(level: LongTerm) + + "Stability: Long-term" + description: String @stability(level: LongTerm) + + "Stability: Long-term" + x: Int! @stability(level: LongTerm) + + "Stability: Long-term" + y: Int! @stability(level: LongTerm) + + "Stability: Long-term" + width: Int! @stability(level: LongTerm) + + "Stability: Long-term" + height: Int! @stability(level: LongTerm) +} + +"An interaction for a query based widget" +type QueryBasedWidgetInteraction { + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + titleTemplate: String @stability(level: LongTerm) + + "Stability: Long-term" + conditions: [WidgetInteractionCondition!]! @stability(level: LongTerm) + + "Stability: Long-term" + typeInfo: QueryBasedWidgetInteractionTypeInfo! @stability(level: LongTerm) +} + +union QueryBasedWidgetInteractionTypeInfo = DashboardLinkInteraction | CustomLinkInteraction | SearchLinkInteraction | UpdateParametersInteraction + +"Result of concatenating queries." +type QueryConcatenationInfo { + "Stability: Short-term" + concatenatedQuery: String! @stability(level: ShortTerm) + + "Stability: Short-term" + validationResult: QueryValidationInfo! @stability(level: ShortTerm) +} + +"A diagnostic message from query validation." +type QueryDiagnostic { + "Stability: Preview" + message: String! @stability(level: Preview) + + "Stability: Preview" + code: String! @stability(level: Preview) + + "Stability: Preview" + severity: Severity! @stability(level: Preview) +} + +"Diagnostic information for a query." +type QueryDiagnosticInfoOutputType { + """ + The diagnostic message. + Stability: Short-term + """ + message: String! @stability(level: ShortTerm) + + """ + The code for the diagnostic. + Stability: Short-term + """ + code: String! @stability(level: ShortTerm) + + """ + The severity of the diagnostic. + Stability: Short-term + """ + severity: String! @stability(level: ShortTerm) +} + +type QueryInProgress { + "Stability: Long-term" + queryId: String! @stability(level: LongTerm) +} + +"A query kind." +input QueryKindInputType { + "A standard search query." + standardSearch: StandardSearchQueryKindInputType + + "A filter prefix." + filterPrefix: FilterPrefixQueryKindInputType +} + +"Language restrictions for language version." +type QueryLanguageRestriction { + "Stability: Preview" + version: LanguageVersion! @stability(level: Preview) + + "Stability: Preview" + allowedFunctions: [String!]! @stability(level: Preview) + + "Stability: Preview" + enabled: Boolean! @stability(level: Preview) +} + +"Query ownership" +interface QueryOwnership { + """ + Id of organization or user owning and running the query + Stability: Long-term + """ + id: String! @stability(level: LongTerm) +} + +"The type of query ownership" +enum QueryOwnershipType { + "Queries run on behalf of user" + User + + "Queries run on behalf of the organization" + Organization +} + +"The target type to select" +enum QueryOwnership_SelectionTargetType { + "A single trigger or shared dashboard" + PersistentQuery + + "All triggers and shared dashboard connected to this view" + View + + "All triggers and shared dashboards within the organization" + Organization +} + +type QueryPrefixes { + "Stability: Long-term" + viewId: String! @stability(level: LongTerm) + + "Stability: Long-term" + queryPrefix: String! @stability(level: LongTerm) +} + +"Default Query Quota Settings for users which have not had specific settings assigned" +type QueryQuotaDefaultSettings { + """ + List of the rules that apply + Stability: Short-term + """ + settings: [QueryQuotaIntervalSetting!]! @stability(level: ShortTerm) +} + +input QueryQuotaDefaultSettingsInput { + settings: [QueryQuotaIntervalSettingInput!]! +} + +type QueryQuotaExceeded { + "Stability: Short-term" + kind: QueryQuotaMeasurementKind! @stability(level: ShortTerm) + + "Stability: Short-term" + resetsAt: Long! @stability(level: ShortTerm) +} + +enum QueryQuotaInterval { + PerDay + PerHour + PerMinute + PerTenMinutes +} + +type QueryQuotaIntervalSetting { + "Stability: Short-term" + interval: QueryQuotaInterval! @stability(level: ShortTerm) + + "Stability: Short-term" + measurementKind: QueryQuotaMeasurementKind! @stability(level: ShortTerm) + + "Stability: Short-term" + value: Long @stability(level: ShortTerm) + + "Stability: Short-term" + valueKind: QueryQuotaIntervalSettingKind! @stability(level: ShortTerm) + + "Stability: Short-term" + source: QueryQuotaIntervalSettingSource! @stability(level: ShortTerm) +} + +input QueryQuotaIntervalSettingInput { + interval: QueryQuotaInterval! + measurementKind: QueryQuotaMeasurementKind! + value: Long + valueKind: QueryQuotaIntervalSettingKind! +} + +enum QueryQuotaIntervalSettingKind { + Limited + Limitless +} + +enum QueryQuotaIntervalSettingSource { + Default + UserSpecified +} + +enum QueryQuotaMeasurementKind { + LiveCost + QueryCount + StaticCost +} + +type QueryQuotaUsage { + "Stability: Short-term" + interval: QueryQuotaInterval! @stability(level: ShortTerm) + + "Stability: Short-term" + queryCount: Int! @stability(level: ShortTerm) + + "Stability: Short-term" + staticCost: Long! @stability(level: ShortTerm) + + "Stability: Short-term" + liveCost: Long! @stability(level: ShortTerm) +} + +"Query Quota Settings for a particular user" +type QueryQuotaUserSettings { + """ + Username of the user for which these Query Quota Settings apply + Stability: Short-term + """ + username: String! @stability(level: ShortTerm) + + """ + List of the settings that apply + Stability: Short-term + """ + settings: [QueryQuotaIntervalSetting!]! @stability(level: ShortTerm) +} + +input QueryQuotaUserSettingsInput { + username: String! + settings: [QueryQuotaIntervalSettingInput!]! +} + +"A time interval which includes both start and end. Please see public documentation for the time point syntax." +input QueryTimeInterval { + "Start of the time interval. Defaults to 24hours if omitted." + start: String + + "End of the time interval. Defaults to now if omitted." + end: String +} + +"Timestamp type to use for a query." +enum QueryTimestampType { + "Use @timestamp for the query." + EventTimestamp + + "Use @ingesttimestamp for the query." + IngestTimestamp +} + +"Result of query validation." +type QueryValidationInfo { + "Stability: Short-term" + isValid: Boolean! @stability(level: ShortTerm) + + "Stability: Short-term" + diagnostics: [QueryDiagnosticInfoOutputType!]! @stability(level: ShortTerm) +} + +"Result of validating a query." +type QueryValidationResult { + "Stability: Preview" + isValid: Boolean! @stability(level: Preview) + + "Stability: Preview" + diagnostics: [QueryDiagnostic!]! @stability(level: Preview) +} + +"Readonly default role" +enum ReadonlyDefaultRole { + Reader +} + +type RealTimeDashboardUpdateFrequency { + "Stability: Long-term" + name: String! @stability(level: LongTerm) +} + +"A map from reasons why a node might not be able to be unregistered safely, to the boolean value indicating whether a given reason applies to this node. For a node to be unregistered without any undue disruption, none of the reasons must apply." +type ReasonsNodeCannotBeSafelyUnregistered { + "Stability: Long-term" + isAlive: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + leadsDigest: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + hasUnderReplicatedData: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + hasDataThatExistsOnlyOnThisNode: Boolean! @stability(level: LongTerm) +} + +type RecentQuery { + "Stability: Long-term" + languageVersion: LanguageVersion! @stability(level: LongTerm) + + "Stability: Long-term" + query: HumioQuery! @stability(level: LongTerm) + + "Stability: Long-term" + runAt: DateTime! @stability(level: LongTerm) + + "Stability: Long-term" + widgetType: String @stability(level: LongTerm) + + "Stability: Long-term" + widgetOptions: JSON @stability(level: LongTerm) +} + +input RedactEventsInputType { + "The name of the repository to redact events in" + repositoryName: String! + + "The start of the interval to perform redactions in" + start: DateTime! + + "The end of the interval to perform redactions in" + end: DateTime! + + "The query to use for redaction. Any event returned by this query will be removed." + query: String! + + "Optional message to log in the audit log for this action" + userMessage: String +} + +"Data for updating the query asset lookup view for a view." +input RedirectQueryAssetLookupTo { + "Name of the view to update." + viewName: RepoOrViewName! + + "Name of the view to use for asset lookups, or null to clear." + redirectToViewName: RepoOrViewName +} + +type RefreshClusterManagementStatsMutation { + "Stability: Preview" + reasonsNodeCannotBeSafelyUnregistered: ReasonsNodeCannotBeSafelyUnregistered! @stability(level: Preview) +} + +"Information about regions" +type RegionSelectData { + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + url: String! @stability(level: LongTerm) + + "Stability: Long-term" + iconUrl: String! @stability(level: LongTerm) +} + +"Info about a version of a LogScale Package." +type RegistryPackageVersionInfo { + """ + The package version + Stability: Long-term + """ + version: SemanticVersion! @stability(level: LongTerm) + + """ + The minimum version of LogScale required to run the package. + Stability: Long-term + """ + minHumioVersion: SemanticVersion! @stability(level: LongTerm) +} + +"A remote cluster connection." +type RemoteClusterConnection implements ClusterConnection { + """ + Public URL of the remote cluster to connect with + Stability: Short-term + """ + publicUrl: String! @stability(level: ShortTerm) + + """ + Id of the connection + Stability: Short-term + """ + id: String! @stability(level: ShortTerm) + + """ + Cluster identity of the connection + Stability: Short-term + """ + clusterId: String! @stability(level: ShortTerm) + + """ + Cluster connection tags + Stability: Short-term + """ + tags: [ClusterConnectionTag!]! @stability(level: ShortTerm) + + """ + Cluster connection query prefix + Stability: Short-term + """ + queryPrefix: String! @stability(level: ShortTerm) +} + +"The status of a remote cluster connection." +type RemoteClusterConnectionStatus implements ClusterConnectionStatus { + """ + Name of the remote view + Stability: Short-term + """ + remoteViewName: String @stability(level: ShortTerm) + + """ + Software version of the remote view + Stability: Short-term + """ + remoteServerVersion: String @stability(level: ShortTerm) + + "Oldest server version that is protocol compatible with the remote server" + remoteServerCompatVersion: String @deprecated(reason: "[DEPRECATED: The field is no longer used in deciding protocol compatibility. Will be removed at the earliest in version 1.207]") + + """ + Id of the connection + Stability: Short-term + """ + id: String @stability(level: ShortTerm) + + """ + Whether the connection is valid + Stability: Short-term + """ + isValid: Boolean! @stability(level: ShortTerm) + + """ + Errors if the connection is invalid + Stability: Short-term + """ + errorMessages: [ConnectionAspectErrorType!]! @stability(level: ShortTerm) +} + +"The configuration for a remote table" +type RemoteTableConfig { + """ + The name of the remote table connection. + Stability: Preview + """ + connectionName: String! @stability(level: Preview) + + """ + The description of the remote table configuration. + Stability: Preview + """ + connectionDescription: String! @stability(level: Preview) + + """ + The configuration of the remote table connection. + Stability: Preview + """ + connectionConfig: RemoteTableConnectionConfig! @stability(level: Preview) +} + +"The configuration of a remote table connection." +union RemoteTableConnectionConfig = RemoteTableGenericConnectionConfig + +"The configuration of a generic remote table connection." +type RemoteTableGenericConnectionConfig { + """ + The URL for the generic remote table connection. + Stability: Preview + """ + remoteUrl: String! @stability(level: Preview) + + """ + The parameters for the generic remote table connection. + Stability: Preview + """ + parameters: [RemoteTableGenericConnectionParameter!]! @stability(level: Preview) + + """ + Configuration for static key values. + Stability: Preview + """ + staticConfigurations: [KeyValueConfiguration!]! @stability(level: Preview) +} + +"A generic remote table connection parameter" +type RemoteTableGenericConnectionParameter { + """ + The name of a generic remote table connection parameter + Stability: Preview + """ + parameterName: String! @stability(level: Preview) + + """ + The configuration of a generic remote table connection parameter. + Stability: Preview + """ + parameterConfig: RemoteTableGenericConnectionParameterConfig! @stability(level: Preview) +} + +"The configuration for a string or a long parameter" +union RemoteTableGenericConnectionParameterConfig = RemoteTableLongParameterConfig | RemoteTableStringParameterConfig + +"The configuration for a long parameter." +type RemoteTableLongParameterConfig { + """ + The optional default value of a long parameter. + Stability: Preview + """ + defaultValueLong: Long @stability(level: Preview) + + """ + The minimum value (inclusive) of a long parameter + Stability: Preview + """ + min: Long! @stability(level: Preview) + + """ + The maximum value (inclusive) of a long parameter + Stability: Preview + """ + max: Long! @stability(level: Preview) +} + +"The configuration for a string parameter." +type RemoteTableStringParameterConfig { + """ + The optional default value of a string parameter. + Stability: Preview + """ + defaultValueString: String @stability(level: Preview) +} + +"Data for removing labels from an action." +input RemoveActionLabels { + "Id of the action." + id: String! + + "Name of the view of the action." + viewName: RepoOrViewName! + + "Labels to remove from the action, at most 100 at a time." + labels: [String!]! +} + +"Data for removing a label to an aggregate alert." +input RemoveAggregateAlertLabel { + "Name of the view of the aggregate alert." + viewName: RepoOrViewName! + + "Id of the aggregate alert." + id: String! + + "Label to remove from the aggregate alert." + label: String! +} + +"Data for removing labels from an aggregate alert." +input RemoveAggregateAlertLabels { + "Name of the view of the aggregate alert." + viewName: RepoOrViewName! + + "Id of the aggregate alert." + id: String! + + "Labels to remove from the aggregate alert, at most 100 at a time." + labels: [String!]! +} + +"Data for removing a label from an alert" +input RemoveAlertLabel { + "Name of the view of the legacy alert." + viewName: String! + + "Id of the legacy alert." + id: String! + + "Label for the alert." + label: String! +} + +"Input object for field removeFieldAliasMapping" +input RemoveAliasMappingInput { + "ID of the schema that the alias mapping exists on." + schemaId: String! + + "Alias mapping ID" + aliasMappingId: String! +} + +input RemoveCrossOrgViewConnectionModel { + repoName: String! + organizationId: String! +} + +input RemoveCrossOrgViewConnectionsInput { + name: String! + connectionsToRemove: [RemoveCrossOrgViewConnectionModel!]! +} + +"Data for removing labels from a dashboard." +input RemoveDashboardLabels { + "Name of the view of the dashboard." + viewName: RepoOrViewName! + + "Id of the dashboard." + id: String! + + "Labels to remove from the dashboard, at most 100 at a time." + labels: [String!]! +} + +"Input type for removing labels from a file." +input RemoveFileLabels { + "Name of the view for the file." + viewName: RepoOrViewName! + + "Name of the file." + fileName: String! + + "Labels to remove from a file, at most 100 at a time." + labels: [String!]! +} + +"Data for removing a label from a filter alert." +input RemoveFilterAlertLabel { + "Name of the view of the filter alert." + viewName: RepoOrViewName! + + "Id of the filter alert." + id: String! + + "Label to remove from the filter alert." + label: String! +} + +"Data for removing labels from a filter alert." +input RemoveFilterAlertLabels { + "Name of the view of the filter alert." + viewName: RepoOrViewName! + + "Id of the filter alert." + id: String! + + "Labels to remove from the filter alert, at most 100 at a time." + labels: [String!]! +} + +"Data for removing a blocklist entry" +input RemoveFromBlocklistInput { + "The ID of the blocklist entry to remove" + id: String! +} + +type RemoveGroupMutation { + "Stability: Long-term" + group: Group! @stability(level: LongTerm) +} + +"Data for removing a label" +input RemoveLabelScheduledSearch { + "Name of the view of the scheduled search." + viewName: String! + + "Id of the scheduled search." + id: String! + + "Label for the scheduled search." + label: String! +} + +"Data for removing labels from a legacy alert" +input RemoveLegacyAlertLabels { + "Name of the view of the legacy alert." + viewName: RepoOrViewName! + + "Id of the legacy alert." + id: String! + + "Labels to remove from the legacy alert, at most 100 at a time." + labels: [String!]! +} + +input RemoveLimitInput { + limitName: String! +} + +input RemoveOrganizationRoleFromGroupInput { + groupId: String! + roleId: String! +} + +"Data to remove a repository cache policy" +input RemoveRepoCachePolicyInput { + "Name of repository" + repositoryName: String! +} + +input RemoveRoleFromGroupInput { + viewId: String! + groupId: String! + roleId: String! +} + +"Data for removing labels from a saved query." +input RemoveSavedQueryLabels { + "Name of the view of the saved query." + viewName: RepoOrViewName! + + "Id of the saved query." + id: String! + + "Labels to remove from the saved query, at most 100 at a time." + labels: [String!]! +} + +"Data for removing labels from a scheduled search" +input RemoveScheduledSearchLabels { + "Name of the view of the scheduled search." + viewName: RepoOrViewName! + + "Id of the scheduled search." + id: String! + + "Labels to remove from the scheduled search, at most 100 at a time." + labels: [String!]! +} + +input RemoveSecondarySubdomainInput { + subdomain: String! +} + +input RemoveStarFromQueryInput { + savedQueryId: String! + searchDomainName: String! +} + +input RemoveStarToFieldInput { + fieldName: String! + searchDomainName: String! +} + +type RemoveStarToFieldMutation { + "Stability: Long-term" + starredFields: [String!]! @stability(level: LongTerm) +} + +input RemoveSystemRoleFromGroupInput { + groupId: String! + roleId: String! +} + +input RemoveUserByIdInput { + id: String! +} + +type RemoveUserByIdMutation { + "Stability: Long-term" + user: User! @stability(level: LongTerm) +} + +input RemoveUserInput { + username: String! +} + +type RemoveUserMutation { + "Stability: Long-term" + user: User! @stability(level: LongTerm) +} + +input RemoveUsersFromGroupInput { + users: [String!]! + groupId: String! +} + +type RemoveUsersFromGroupMutation { + "Stability: Long-term" + group: Group! @stability(level: LongTerm) +} + +input RenameSearchDomainByIdInput { + "The id of the search domain." + id: String! + + "The new name of the search domain." + newName: String! + + "Optional message to why the search domain was renamed. Will be added to the audit log." + renameMessage: String +} + +input RepoFilterInput { + name: String! + filter: String! +} + +scalar RepoOrViewName + +"Data for a reported warning or error." +input ReportErrorInput { + "Error type. Supported values are Error or Warning" + errorType: String! + + "Error message" + errorMessage: String! +} + +type RepositoriesUsageQueryResult { + """ + The total number of matching results + Stability: Long-term + """ + totalResults: Int! @stability(level: LongTerm) + + """ + The paginated result set + Stability: Long-term + """ + results: [RepositoryUsageValue!]! @stability(level: LongTerm) +} + +"Query result for repositories usage data" +union RepositoriesUsageQueryResultTypes = QueryInProgress | RepositoriesUsageQueryResult + +enum RepositoriesUsageQuerySortBy { + Name + UsageValue +} + +"A repository stores ingested data, configures parsers and data retention policies." +type Repository implements SearchDomain { + """ + Repo Types are used for tracking trial status in LogScale Cloud setups. + Stability: Long-term + """ + type: RepositoryType! @stability(level: LongTerm) + + """ + Repo data types are used for controlling the types of data are allowed in the repository. + Stability: Long-term + """ + dataType: RepositoryDataType! @stability(level: LongTerm) + + """ + The limit attached to the repository. + Stability: Long-term + """ + limit: LimitV2 @stability(level: LongTerm) + + """ + The date and time in the future after which ingest for this repository will be re-enabled. + Stability: Long-term + """ + ingestBlock: DateTime @stability(level: LongTerm) + + """ + Usage tag, used to group usage summary on repositories + Stability: Long-term + """ + usageTag: String @stability(level: LongTerm) + + """ + Data sources where data is ingested from. E.g. This can be specific log files or services sending data to LogScale. + Stability: Long-term + """ + datasources: [Datasource!]! @stability(level: LongTerm) + + """ + Total size the data. Size is measured as the size stored before compression and is thus the size of the internal format, not the data that was ingested. + Stability: Long-term + """ + uncompressedByteSize: Long! @stability(level: LongTerm) + + """ + Total size of data. Size is measured as the size after compression. + Stability: Long-term + """ + compressedByteSize: Long! @stability(level: LongTerm) + + """ + Total size the data, merged parts. Size is measured as the size stored before compression and is thus the size of the internal format, not the data that was ingested. + Stability: Long-term + """ + uncompressedByteSizeOfMerged: Long! @stability(level: LongTerm) + + """ + Total size of data, merged parts. Size is measured as the size after compression. + Stability: Long-term + """ + compressedByteSizeOfMerged: Long! @stability(level: LongTerm) + + """ + The timestamp of the latest ingested data, or null if the repository is empty. + Stability: Long-term + """ + timeOfLatestIngest: DateTime @stability(level: LongTerm) + + """ + The maximum time (in days) to keep data. Data old than this will be deleted. + Stability: Long-term + """ + timeBasedRetention: Float @stability(level: LongTerm) + + """ + Retention (in Gigabytes) based on the size of data when it arrives to LogScale, that is before parsing and compression. LogScale will keep `at most` this amount of data. + Stability: Long-term + """ + ingestSizeBasedRetention: Float @stability(level: LongTerm) + + "Stability: Long-term" + ingestTokens: [IngestToken!]! @stability(level: LongTerm) + + """ + Retention (in Gigabytes) based on the size of data when in storage, that is, after parsing and compression. LogScale will keep `at least` this amount of data, but as close to this number as possible. + Stability: Long-term + """ + storageSizeBasedRetention: Float @stability(level: LongTerm) + + """ + Sets time (in days) to keep backups before they are deleted. + Stability: Long-term + """ + timeBasedBackupRetention: Float @stability(level: LongTerm) + + """ + The ingest listeners configured for this repository. + Stability: Long-term + """ + ingestListeners: [IngestListener!]! @stability(level: LongTerm) + + """ + Maximum number of auto shards created. + Stability: Long-term + """ + maxAutoShardCount: Int @stability(level: LongTerm) + + """ + Configuration for S3 archiving. E.g. bucket name and region. + Stability: Long-term + """ + s3ArchivingConfiguration: S3Configuration @stability(level: LongTerm) + + """ + Configuration for GCS archiving. E.g. bucket name. + Stability: Short-term + """ + gcsArchivingConfiguration: GCSArchivingConfiguration @stability(level: ShortTerm) + + """ + Configuration for archiving. E.g. bucket name and region. + Stability: Short-term + """ + archivingConfiguration: ArchivingConfiguration @stability(level: ShortTerm) + + """ + Configuration for azure archiving. E.g. bucket name and format. + Stability: Short-term + """ + azureArchivingConfiguration: AzureArchivingConfigurationDTO @stability(level: ShortTerm) + + """ + Provider for archiving, i.e. S3, GCS, or Azure + Stability: Short-term + """ + archivingProvider: String @stability(level: ShortTerm) + + """ + The cache policy set on this repo. + Stability: Preview + """ + cachePolicy: CachePolicy @stability(level: Preview) + + """ + The cache policy of this repo that as will be applied. + + This will apply the cache policy of the repo, org-wide default, or global + default. This will be (in order of precedence): + 1. The repo cache policy, if set. + 2. The organization-wide cache policy, if set. + 3. The global cache policy, if set. + 4. The default cache policy in which no segments are prioritized. + + Stability: Preview + """ + effectiveCachePolicy: CachePolicy! @stability(level: Preview) + + """ + Tag grouping rules applied on the repository currently. Rules only apply to the tags they denote, and tags without rules do not have any grouping. + Stability: Long-term + """ + currentTagGroupings: [TagGroupingRule!]! @stability(level: LongTerm) + + """ + The ARN of the AWS IAM identity that will write to S3 for S3 Archiving. + Stability: Short-term + """ + s3ArchivingArn: String @stability(level: ShortTerm) + + """ + The event forwarding rules configured for the repository + Stability: Long-term + """ + eventForwardingRules: [EventForwardingRule!]! @stability(level: LongTerm) + + """ + List event forwarders in the organization with only basic information + Stability: Long-term + """ + eventForwardersForSelection: [EventForwarderForSelection!]! @stability(level: LongTerm) + + """ + A saved FDR feed. + Stability: Long-term + """ + fdrFeed( + "The id of the FDR feed to get." + id: String!): FdrFeed! @stability(level: LongTerm) + + """ + Saved FDR Feeds + Stability: Long-term + """ + fdrFeeds: [FdrFeed!]! @stability(level: LongTerm) + + """ + Administrator control for an FDR feed. + Stability: Long-term + """ + fdrFeedControl( + "The id of the FDR feed to get administrator control for." + id: String!): FdrFeedControl! @stability(level: LongTerm) + + """ + Administrator controls for FDR feeds + Stability: Long-term + """ + fdrFeedControls: [FdrFeedControl!]! @stability(level: LongTerm) + + """ + A saved secret handle. + Stability: Preview + """ + secretHandle( + "The id of the secret handle to get." + id: String!): SecretHandle! @stability(level: Preview) + + """ + Saved secret handles. + Stability: Preview + """ + secretHandles( + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50): secretHandleQueryResultSet! @stability(level: Preview) + + """ + A saved Ingest feed. + Stability: Long-term + """ + ingestFeed( + "The id of the IngestFeed to get." + id: String!): IngestFeed! @stability(level: LongTerm) + + """ + Saved ingest feeds + Stability: Long-term + """ + ingestFeeds( + "Filter results based on this string" + searchFilter: String, + + "Type of ingest feed to filter" + typeFilter: [IngestFeeds__Type!], + + "Field which to sort the ingest feeds by" + sortBy: IngestFeeds__SortBy! = CreatedTimeStamp, + + "Choose the order in which the results are returned." + orderBy: OrderBy = ASC, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50): IngestFeedQueryResultSet! @stability(level: LongTerm) + + """ + A parser on the repository. Supply either 'id' or 'name'. + Stability: Long-term + """ + parser(id: String, name: String): Parser @stability(level: LongTerm) + + """ + Saved parsers. + Stability: Long-term + """ + parsers: [Parser!]! @stability(level: LongTerm) + + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + name: RepoOrViewName! @stability(level: LongTerm) + + "Stability: Long-term" + description: String @stability(level: LongTerm) + + """ + The point in time the search domain was marked for deletion. + Stability: Long-term + """ + deletedDate: Long @stability(level: LongTerm) + + """ + The point in time the search domain will not be restorable anymore. + Stability: Long-term + """ + permanentlyDeletedAt: Long @stability(level: LongTerm) + + "Stability: Long-term" + isStarred: Boolean! @stability(level: LongTerm) + + """ + Search limit in milliseconds, which searches should are limited to. + Stability: Long-term + """ + searchLimitedMs: Long @stability(level: LongTerm) + + """ + Repositories not part of the search limitation. + Stability: Long-term + """ + reposExcludedInSearchLimit: [String!]! @stability(level: LongTerm) + + """ + Returns a specific version of a package given a package version. + Stability: Long-term + """ + packageV2( + "The package id of the package to get." + packageId: VersionedPackageSpecifier!): Package2! @stability(level: LongTerm) + + """ + The available versions of a package. + Stability: Long-term + """ + packageVersions(packageId: UnversionedPackageSpecifier!): [RegistryPackageVersionInfo!]! @stability(level: LongTerm) + + """ + Returns a list of available packages that can be installed. + Stability: Long-term + """ + availablePackages( + "Filter input to limit the returned packages" + filter: String, + + "Packages with any of these tags will be included. No filtering on tags." + tags: [PackageTag!], + + "Packages with any of these categories will be included." + categories: [String!]): [PackageRegistrySearchResultItem!]! @stability(level: LongTerm) + + """ + List packages installed on a specific view or repo. + Stability: Long-term + """ + installedPackages: [PackageInstallation!]! @stability(level: LongTerm) + + "Stability: Long-term" + hasPackageInstalled(packageId: VersionedPackageSpecifier!): Boolean! @stability(level: LongTerm) + + """ + Users who have access. + Stability: Long-term + """ + users: [User!]! @stability(level: LongTerm) + + """ + Users or groups who has access. + Stability: Long-term + """ + usersAndGroups(search: String, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50): UsersAndGroupsSearchResultSet! @stability(level: LongTerm) + + """ + Search users with a given permission + Stability: Short-term + """ + usersV2( + "Search for a user whose email or name matches this search string" + search: String, + + "Permission that the users must have on the search domain. Leave out to get users with any permission on the view" + permissionFilter: Permission, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50): Users! @stability(level: ShortTerm) + + """ + Groups with assigned roles. + Stability: Long-term + """ + groups: [Group!]! @stability(level: LongTerm) + + "Stability: Long-term" + starredFields: [String!]! @stability(level: LongTerm) + + "Stability: Long-term" + recentQueriesV2: [RecentQuery!]! @stability(level: LongTerm) + + "Stability: Long-term" + automaticSearch: Boolean! @stability(level: LongTerm) + + """ + Check if the current user is allowed to perform the given action on the view. + Stability: Long-term + """ + isActionAllowed( + "The action to check if a user is allowed to perform on a view." + action: ViewAction!): Boolean! @stability(level: LongTerm) + + """ + Returns the all actions the user is allowed to perform on the view. + Stability: Long-term + """ + allowedViewActions: [ViewAction!]! @stability(level: LongTerm) + + """ + The query prefix prepended to each search in this domain. + Stability: Long-term + """ + viewerQueryPrefix: String! @stability(level: LongTerm) + + """ + All tags from all datasources. + Stability: Long-term + """ + tags: [String!]! @stability(level: LongTerm) + + """ + The resource identifier for this search domain. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + The redirected query asset lookup view used for asset resolution when set. Assets like saved queries and lookup files will be resolved from this view instead of the current view. + Stability: Preview + """ + redirectQueryAssetLookupTo: SearchDomain @stability(level: Preview) + + """ + The AWS External ID used when assuming roles in AWS on behalf of this repository. + Stability: Long-term + """ + awsExternalId: String! @stability(level: LongTerm) + + """ + The ARN of the AWS IAM identity that will write to S3 for S3 actions. + Stability: Long-term + """ + s3ActionArn: String @stability(level: LongTerm) + + """ + All interactions defined on the view. + Stability: Long-term + """ + interactions: [ViewInteraction!]! @stability(level: LongTerm) + + """ + A saved alert + Stability: Long-term + """ + alert(id: String!): Alert! @stability(level: LongTerm) + + """ + Saved alerts. + Stability: Long-term + """ + alerts: [Alert!]! @stability(level: LongTerm) + + """ + A saved dashboard. + Stability: Long-term + """ + dashboard(id: String!): Dashboard! @stability(level: LongTerm) + + """ + All dashboards available on the view. + Stability: Long-term + """ + dashboards: [Dashboard!]! @stability(level: LongTerm) + + """ + A saved filter alert + Stability: Long-term + """ + filterAlert( + "Id of the filter alert. Supply either 'id' or 'name'." + id: String, + + "Name of the filter alert. Filter alerts in packages can be referred to as \"packagescope/packagename:alertname\". Supply either 'id' or 'name'." + name: String): FilterAlert! @stability(level: LongTerm) + + """ + Saved filter alerts. + Stability: Long-term + """ + filterAlerts: [FilterAlert!]! @stability(level: LongTerm) + + """ + A saved aggregate alert + Stability: Long-term + """ + aggregateAlert( + "Id of the aggregate alert. Supply either 'id' or 'name'." + id: String, + + "Name of the aggregate alert. Aggregate alerts in packages can be referred to as \"packagescope/packagename:alertname\". Supply either 'id' or 'name'." + name: String): AggregateAlert! @stability(level: LongTerm) + + """ + Saved aggregate alerts. + Stability: Long-term + """ + aggregateAlerts: [AggregateAlert!]! @stability(level: LongTerm) + + """ + A saved scheduled search. + Stability: Long-term + """ + scheduledSearch( + "Id of the scheduled search. Supply either 'id' or 'name'." + id: String, + + "Name of the scheduled search. Scheduled searches in packages can be referred to as \"packagescope/packagename:scheduledsearchname\". Supply either 'id' or 'name'." + name: String): ScheduledSearch! @stability(level: LongTerm) + + """ + Saved scheduled searches. + Stability: Long-term + """ + scheduledSearches: [ScheduledSearch!]! @stability(level: LongTerm) + + """ + A saved action. + Stability: Long-term + """ + action( + "The id of the action to get." + id: String!): Action! @stability(level: LongTerm) + + """ + A list of saved actions. + Stability: Long-term + """ + actions( + "The result will only include actions with the specified ids. Omit to find all actions." + actionIds: [String!]): [Action!]! @stability(level: LongTerm) + + """ + A saved query. + Stability: Long-term + """ + savedQuery(id: String!): SavedQuery! @stability(level: LongTerm) + + """ + Saved queries. + Stability: Long-term + """ + savedQueries: [SavedQuery!]! @stability(level: LongTerm) + + "Stability: Long-term" + defaultQuery: SavedQuery @stability(level: LongTerm) + + "Stability: Long-term" + files: [File!]! @stability(level: LongTerm) + + "Stability: Long-term" + fileFieldSearch( + "Name of the csv or json file to retrieve the field entries from." + fileName: String!, + + "Name of the field in the file to return entries from." + fieldName: String!, + + "Text to filter values by prefix on." + prefixFilter: String, + + "The exact values that given fields should have for an entry to be part of the result." + valueFilters: [FileFieldFilterType!]!, + + "Names of the fields to include in the result." + fieldsToInclude: [String!]!, + + "Maximum number of values to retrieve from the file." + maxEntries: Int!): [[DictionaryEntryType!]!]! @stability(level: LongTerm) + + """ + Saved scheduled reports. + Stability: Long-term + """ + scheduledReports: [ScheduledReport!]! @stability(level: LongTerm) + + """ + Saved scheduled report. + Stability: Long-term + """ + scheduledReport( + "The id of the scheduled report to get." + id: String!): ScheduledReport @stability(level: LongTerm) +} + +"The data type of a repository. Indicates which type of data the repository is restricted to - e.g. 'Falcon' for repository intended for Falcon data" +enum RepositoryDataType { + FALCON + ANYDATA +} + +"The repository type of a repository" +enum RepositoryType { + PERSONAL + TRIAL + DEFAULT + SYSTEM + MANAGED +} + +type RepositoryUsageValue { + "Stability: Long-term" + name: String @stability(level: LongTerm) + + "Stability: Long-term" + valueBytes: Long! @stability(level: LongTerm) + + "Stability: Long-term" + percentage: Float! @stability(level: LongTerm) + + "Stability: Long-term" + id: String! @stability(level: LongTerm) +} + +"Data for resetting quota" +input ResetQuotaInput { + "New quota value to set" + newQuota: Long + + "New rate value to set" + newRate: Long +} + +input RestoreDeletedSearchDomainInput { + "The id of the search domain." + id: String! + + "The id of the limit to use for the search domain if the original limit no longer exists." + fallbackLimitId: String +} + +input ResubmitMarketoLeadData { + utmParams: UtmParams + zip: String +} + +input RevokeSessionInput { + id: String! + revocationType: SessionRevocation__Type! +} + +type Role { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + displayName: String! @stability(level: LongTerm) + color: String @deprecated(reason: "[DEPRECATED: Role colors are no longer used. Will be removed at the earliest in version 1.195]") + + "Stability: Long-term" + description: String @stability(level: LongTerm) + + "Stability: Long-term" + viewPermissions: [Permission!]! @stability(level: LongTerm) + + "Stability: Long-term" + systemPermissions: [SystemPermission!]! @stability(level: LongTerm) + + "Stability: Long-term" + organizationPermissions: [OrganizationPermission!]! @stability(level: LongTerm) + + "Stability: Long-term" + organizationManagementPermissions: [OrganizationManagementPermission!]! @stability(level: LongTerm) + + "Stability: Long-term" + groupsCount: Int! @stability(level: LongTerm) + + "Stability: Long-term" + usersCount: Int! @stability(level: LongTerm) + + "Stability: Long-term" + users: [User!]! @stability(level: LongTerm) + + "Stability: Long-term" + groupsV2(search: String, userId: String, searchInRoles: Boolean, onlyIncludeGroupsWithRestrictiveQueryPrefix: Boolean, + + "The amount of results to return." + limit: Int = 50, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0): GroupResultSetType! @stability(level: LongTerm) + + "Stability: Long-term" + groups: [Group!]! @stability(level: LongTerm) + + "Stability: Preview" + readonlyDefaultRole: ReadonlyDefaultRole @stability(level: Preview) +} + +"A page of roles." +type RolePage { + "Stability: Long-term" + pageInfo: PageType! @stability(level: LongTerm) + + "Stability: Long-term" + page: [Role!]! @stability(level: LongTerm) +} + +"The roles query result set." +type RolesResultSetType { + """ + The total number of matching results + Stability: Long-term + """ + totalResults: Int! @stability(level: LongTerm) + + """ + The paginated result set + Stability: Long-term + """ + results: [Role!]! @stability(level: LongTerm) +} + +input RotateTokenInputData { + id: String! +} + +input RunInconsistencyCheckInput { + "If true, any inconsistencies found will be logged but no further action is taken. If false, these inconsistencies will be patched automatically" + dryRun: Boolean! +} + +"Queries that are currently being executed" +type RunningQueries { + """ + Number of milliseconds until next update is available + Stability: Long-term + """ + updateAvailableIn: Long! @stability(level: LongTerm) + + """ + Total number of queries being executed + Stability: Long-term + """ + totalNumberOfQueries: Int! @stability(level: LongTerm) + + """ + Total number of live queries being executed + Stability: Long-term + """ + totalNumberOfLiveQueries: Int! @stability(level: LongTerm) + + """ + Total number of clients querying + Stability: Long-term + """ + totalNumberOfClients: Int! @stability(level: LongTerm) + + """ + Total size of skipped bytes for all queries being executed + Stability: Long-term + """ + totalSkippedBytes: Long! @stability(level: LongTerm) + + """ + Total size of included bytes for all queries being executed + Stability: Long-term + """ + totalIncludedBytes: Long! @stability(level: LongTerm) + + """ + Total size of remaining bytes to be processed for all queries being executed + Stability: Long-term + """ + totalQueuedBytes: Long! @stability(level: LongTerm) + + """ + Queries being executed, at most 1000 queries are returned. + Stability: Long-term + """ + queries: [RunningQuery!]! @stability(level: LongTerm) +} + +"A query that is currently being executed." +type RunningQuery { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + clients: [Client!]! @stability(level: LongTerm) + + "Stability: Long-term" + initiatedBy: String @stability(level: LongTerm) + + "Stability: Long-term" + isLive: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + isHistoricDone: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + queryInput: String! @stability(level: LongTerm) + + "Stability: Long-term" + queryPrefix: String! @stability(level: LongTerm) + + "Stability: Long-term" + coordinatorId: String! @stability(level: LongTerm) + + "Stability: Long-term" + totalWork: Int! @stability(level: LongTerm) + + "Stability: Long-term" + workDone: Int! @stability(level: LongTerm) + + "Stability: Long-term" + view: String! @stability(level: LongTerm) + + """ + The organization owning the query, if any. + Stability: Long-term + """ + organization: Organization @stability(level: LongTerm) + + "Stability: Long-term" + timeInMillis: Long! @stability(level: LongTerm) + + "Stability: Long-term" + timeQueuedInMillis: Long! @stability(level: LongTerm) + + "Stability: Long-term" + isDashboard: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + estimatedTotalBytes: Long! @stability(level: LongTerm) + + "Stability: Long-term" + skippedBytes: Long! @stability(level: LongTerm) + + "Stability: Long-term" + includedBytes: Long! @stability(level: LongTerm) + + "Stability: Long-term" + processedEvents: Long! @stability(level: LongTerm) + + """ + Static CPU time spent since query started + Stability: Long-term + """ + mapMillis: Float! @stability(level: LongTerm) + + """ + Static CPU time spent the last 30 seconds + Stability: Long-term + """ + deltaMapMillis: Float! @stability(level: LongTerm) + + """ + Live CPU time spent since query started + Stability: Long-term + """ + liveMillis: Float! @stability(level: LongTerm) + + """ + Live CPU time spent the last 30 seconds + Stability: Long-term + """ + deltaLiveMillis: Float! @stability(level: LongTerm) + + "Stability: Long-term" + mapAllocations: Long! @stability(level: LongTerm) + + "Stability: Long-term" + liveAllocations: Long! @stability(level: LongTerm) + + "Stability: Long-term" + reduceAllocations: Long! @stability(level: LongTerm) + + "Stability: Long-term" + totalAllocations: Long! @stability(level: LongTerm) + + "Stability: Long-term" + deltaTotalAllocations: Long! @stability(level: LongTerm) + + "Stability: Long-term" + timeInterval: String! @stability(level: LongTerm) + + "Stability: Long-term" + timeZoneOffSetMinutes: Int! @stability(level: LongTerm) + + "Stability: Long-term" + queryArgs: String! @stability(level: LongTerm) + + "Stability: Long-term" + status: String! @stability(level: LongTerm) + + """ + Total cost calculation. + Stability: Long-term + """ + totalCost: Float! @stability(level: LongTerm) + + """ + Live cost calculation + Stability: Long-term + """ + liveCost: Float! @stability(level: LongTerm) + + """ + Static cost calculation + Stability: Long-term + """ + staticCost: Float! @stability(level: LongTerm) + + """ + Total cost calculation last 30 seconds. + Stability: Long-term + """ + deltaTotalCost: Float! @stability(level: LongTerm) + + """ + Live cost calculation last 30 seconds. + Stability: Long-term + """ + deltaLiveCost: Float! @stability(level: LongTerm) + + """ + Static cost calculation last 30 seconds. + Stability: Long-term + """ + deltaStaticCost: Float! @stability(level: LongTerm) +} + +"An S3 action" +type S3Action implements Action { + """ + ARN of the role to be assumed. + Stability: Long-term + """ + roleArn: String! @stability(level: LongTerm) + + """ + AWS region. For options see: https://docs.aws.amazon.com/general/latest/gr/s3.html + Stability: Long-term + """ + awsRegion: String! @stability(level: LongTerm) + + """ + Name of the bucket. + Stability: Long-term + """ + bucketName: String! @stability(level: LongTerm) + + """ + Name of the file(s). You can use most message templates for this. See documentation for S3 action: https://library.humio.com/data-analysis/automated-actions-s3.html + Stability: Long-term + """ + fileName: String! @stability(level: LongTerm) + + """ + Output format type for the result. Can be either NDJSON or CSV. + Stability: Long-term + """ + outputFormat: S3ActionEventOutputFormat! @stability(level: LongTerm) + + """ + Whether to output metadata for the result. Metadata will be output as a separate JSON file. + Stability: Long-term + """ + outputMetadata: Boolean! @stability(level: LongTerm) + + """ + Defines whether the action should use the configured HTTP proxy to send requests. + Stability: Long-term + """ + useProxy: Boolean! @stability(level: LongTerm) + + """ + The name of the action. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + The display name of the action. + Stability: Long-term + """ + displayName: String! @stability(level: LongTerm) + + """ + The id of the action. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + A template that can be used to recreate the action. + Stability: Long-term + """ + yamlTemplate: YAML! @stability(level: LongTerm) + + "Stability: Long-term" + packageId: VersionedPackageSpecifier @stability(level: LongTerm) + + """ + The package, if any, which the action is part of. + Stability: Long-term + """ + package: PackageInstallation @stability(level: LongTerm) + + """ + False if this type of action is disabled because of a security policy, true otherwise + Stability: Long-term + """ + isAllowedToRun: Boolean! @stability(level: LongTerm) + + """ + True if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. + Stability: Long-term + """ + requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! @stability(level: LongTerm) + + """ + Allowed asset actions + Stability: Short-term + """ + allowedActions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The resource identifier for this action. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + Metadata related to the creation of the action + Stability: Long-term + """ + createdInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Metadata related to the latest modification of the action + Stability: Long-term + """ + modifiedInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Labels to categorize the action. + Stability: Preview + """ + labels: [String!] @stability(level: Preview) +} + +"Output format to use for S3 action" +enum S3ActionEventOutputFormat { + "Use NDJSON when writing to S3" + NDJSON + + "Use CSV when writing to S3" + CSV +} + +"The format to store archived segments in AWS S3." +enum S3ArchivingFormat { + RAW + NDJSON +} + +"Configuration for S3 archiving. E.g. bucket name and region." +type S3Configuration implements ArchivingConfiguration { + """ + S3 bucket name for storing archived data. Example: acme-bucket. + Stability: Short-term + """ + bucket: String! @stability(level: ShortTerm) + + """ + The region the S3 bucket belongs to. Example: eu-central-1. + Stability: Short-term + """ + region: String! @stability(level: ShortTerm) + + """ + Do not archive logs older than this. + Stability: Short-term + """ + startFrom: DateTime @stability(level: ShortTerm) + + """ + Whether the archiving has been disabled. + Stability: Short-term + """ + disabled: Boolean @stability(level: ShortTerm) + + """ + The format to store the archived data in on S3. + Stability: Short-term + """ + format: S3ArchivingFormat @stability(level: ShortTerm) + + """ + Array of names of tag fields to use in that order in the output file names. + Stability: Short-term + """ + tagOrderInName: [String!]! @stability(level: ShortTerm) + + """ + The ARN of the AWS Role that is assumed when writing to S3. + Stability: Short-term + """ + roleArn: String @stability(level: ShortTerm) +} + +"This authentication type implements the SAML 2.0 Web Browser SSO Profile." +type SAMLAuthentication implements AuthenticationMethod { + "Stability: Long-term" + name: String! @stability(level: LongTerm) +} + +"A SAML Identity Provider" +type SamlIdentityProvider implements IdentityProviderAuthentication { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + domains: [String!]! @stability(level: LongTerm) + + "Stability: Long-term" + groupMembershipAttribute: String @stability(level: LongTerm) + + "Stability: Long-term" + idpCertificateInBase64: String! @stability(level: LongTerm) + + "Stability: Long-term" + idpEntityId: String! @stability(level: LongTerm) + + "Stability: Long-term" + signOnUrl: String! @stability(level: LongTerm) + + "Stability: Long-term" + authenticationMethod: AuthenticationMethodAuth! @stability(level: LongTerm) + + "Stability: Long-term" + userAttribute: String @stability(level: LongTerm) + + "Stability: Long-term" + adminAttribute: String @stability(level: LongTerm) + + "Stability: Long-term" + adminAttributeMatch: String @stability(level: LongTerm) + + "Stability: Long-term" + alternativeIdpCertificateInBase64: String @stability(level: LongTerm) + + "Stability: Long-term" + defaultIdp: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + humioManaged: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + lazyCreateUsers: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + debug: Boolean! @stability(level: LongTerm) +} + +type SamlIdentityProviderAuth implements AuthenticationMethodAuth { + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + authType: String! @stability(level: LongTerm) +} + +type SamlMetadata { + "Stability: Long-term" + entityID: String! @stability(level: LongTerm) + + "Stability: Long-term" + signOnUrl: String! @stability(level: LongTerm) + + "Stability: Long-term" + certificate: String! @stability(level: LongTerm) +} + +"A query saved for later use." +type SavedQuery { + "A YAML formatted string that describes the saved query." + templateYaml: String! @deprecated(reason: "[DEPRECATED: Field has been renamed to yamlTemplate. Will be removed at the earliest in version 1.225]") + + """ + A YAML formatted string that describes the saved query. + Stability: Long-term + """ + yamlTemplate: YAML! @stability(level: LongTerm) + + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + displayName: String! @stability(level: LongTerm) + + "Stability: Long-term" + description: String @stability(level: LongTerm) + + "Stability: Long-term" + labels: [String!]! @stability(level: LongTerm) + + "Stability: Long-term" + query: HumioQuery! @stability(level: LongTerm) + + "Stability: Long-term" + isStarred: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + widgetType: String! @stability(level: LongTerm) + + "Stability: Long-term" + options: JSON! @stability(level: LongTerm) + + "Stability: Long-term" + packageId: VersionedPackageSpecifier @stability(level: LongTerm) + + "Stability: Long-term" + package: PackageInstallation @stability(level: LongTerm) + + "Stability: Long-term" + interactions: [QueryBasedWidgetInteraction!]! @stability(level: LongTerm) + + """ + Allowed asset actions + Stability: Short-term + """ + allowedActions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The resource identifier for this saved query. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + Metadata related to the creation of the dashboard + Stability: Long-term + """ + createdInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Metadata related to the latest modification of the saved query + Stability: Long-term + """ + modifiedInfo: AssetCommitMetadata @stability(level: LongTerm) +} + +"A saved query" +type SavedQueryEntry { + "Stability: Long-term" + savedQuery: SavedQuery! @stability(level: LongTerm) + + "Stability: Preview" + view: SearchDomain! @stability(level: Preview) +} + +type SavedQueryIsStarred { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + isStarred: Boolean! @stability(level: LongTerm) +} + +type SavedQueryStarredUpdate { + "Stability: Long-term" + savedQuery: SavedQueryIsStarred! @stability(level: LongTerm) +} + +type SavedQueryTemplate { + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + displayName: String! @stability(level: LongTerm) + + "Stability: Long-term" + yamlTemplate: String! @stability(level: LongTerm) +} + +type ScannedData { + "Stability: Long-term" + currentBytes: Long! @stability(level: LongTerm) + + "Stability: Long-term" + limit: UsageLimit! @stability(level: LongTerm) +} + +"A scheduled report schedule properties" +type Schedule { + """ + Cron pattern describing the schedule to execute the report on. + Stability: Long-term + """ + cronExpression: String! @stability(level: LongTerm) + + """ + Timezone of the schedule. Examples include UTC, Europe/Copenhagen. + Stability: Long-term + """ + timeZone: String! @stability(level: LongTerm) + + """ + Start date of the active period of the schedule. + Stability: Long-term + """ + startDate: Long! @stability(level: LongTerm) + + """ + Optional end date of the active period of the schedule. + Stability: Long-term + """ + endDate: Long @stability(level: LongTerm) +} + +"Input for scheduling the deletion of a secret handle. Warning this may break existing functionality." +input ScheduleDeleteSecretHandleInput { + "Name or id of the repository of the secret handle." + repositoryNameOrId: RepoOrViewName! + + "Id of the secret handle." + id: String! +} + +"Information about a scheduled report" +type ScheduledReport { + """ + Id of the scheduled report. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + Name of the scheduled report. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + Flag indicating whether a password is defined for the report. + Stability: Long-term + """ + isPasswordDefined: Boolean! @stability(level: LongTerm) + + """ + Flag indicating whether the scheduled report is enabled. + Stability: Long-term + """ + enabled: Boolean! @stability(level: LongTerm) + + """ + Status of the latest report execution. + Stability: Long-term + """ + status: String! @stability(level: LongTerm) + + """ + Description of the scheduled report. + Stability: Long-term + """ + description: String! @stability(level: LongTerm) + + """ + The id of the dashboard the report was created for. + Stability: Long-term + """ + dashboardId: String! @stability(level: LongTerm) + + """ + The dashboard the report was created for. + Stability: Long-term + """ + dashboard: Dashboard @stability(level: LongTerm) + + """ + Unix timestamp for the last report execution. The timestamp only indicates an attempt, not if it was successful. + Stability: Long-term + """ + timeOfLastReportExecution: Long @stability(level: LongTerm) + + """ + Unix timestamp for the next planned report execution. + Stability: Long-term + """ + timeOfNextPlannedReportExecution: Long @stability(level: LongTerm) + + """ + Last errors encountered while generating the scheduled report. + Stability: Long-term + """ + lastExecutionErrors: [String!]! @stability(level: LongTerm) + + """ + Last warnings encountered while generating the scheduled report. + Stability: Long-term + """ + lastExecutionWarnings: [String!]! @stability(level: LongTerm) + + """ + User who created the report. + Stability: Long-term + """ + createdBy: User @stability(level: LongTerm) + + """ + Date when the report was created. + Stability: Long-term + """ + creationDate: String! @stability(level: LongTerm) + + """ + Start of the relative time interval for the dashboard. + Stability: Long-term + """ + timeIntervalStart: String @stability(level: LongTerm) + + """ + The schedule to run the report by. + Stability: Long-term + """ + schedule: Schedule! @stability(level: LongTerm) + + """ + Labels attached to the scheduled report. + Stability: Long-term + """ + labels: [String!]! @stability(level: LongTerm) + + """ + List of parameter value configurations. + Stability: Long-term + """ + parameters: [ParameterValue!]! @stability(level: LongTerm) + + """ + List of recipients who should receive an email with the generated report. + Stability: Long-term + """ + recipients: [String!]! @stability(level: LongTerm) + + """ + Layout of the scheduled report. + Stability: Long-term + """ + layout: ScheduledReportLayout! @stability(level: LongTerm) + + """ + Allowed asset actions + Stability: Short-term + """ + allowedActions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The resource identifier for this scheduled report. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) +} + +"A scheduled report" +type ScheduledReportEntry { + "Stability: Long-term" + scheduledReport: ScheduledReport! @stability(level: LongTerm) + + "Stability: Preview" + view: SearchDomain! @stability(level: Preview) +} + +"Information about a scheduled report layout" +type ScheduledReportLayout { + """ + Paper size. Supported types are A4 and Letter. + Stability: Long-term + """ + paperSize: String! @stability(level: LongTerm) + + """ + Paper orientation. Supported types are Landscape and Portrait. + Stability: Long-term + """ + paperOrientation: String! @stability(level: LongTerm) + + """ + Paper layout. Supported types are List and Grid. + Stability: Long-term + """ + paperLayout: String! @stability(level: LongTerm) + + """ + Flag indicating whether to show report description. + Stability: Long-term + """ + showDescription: Boolean @stability(level: LongTerm) + + """ + Flag indicating whether to show title on frontpage. + Stability: Long-term + """ + showTitleFrontpage: Boolean! @stability(level: LongTerm) + + """ + Flag indicating whether to show parameters. + Stability: Long-term + """ + showParameters: Boolean! @stability(level: LongTerm) + + """ + Max number of rows to display in tables. + Stability: Long-term + """ + maxNumberOfRows: Int! @stability(level: LongTerm) + + """ + Flag indicating whether to show title header. + Stability: Long-term + """ + showTitleHeader: Boolean! @stability(level: LongTerm) + + """ + Flag indicating whether to show export date. + Stability: Long-term + """ + showExportDate: Boolean! @stability(level: LongTerm) + + """ + Flag indicating whether to show footer page numbers. + Stability: Long-term + """ + footerShowPageNumbers: Boolean! @stability(level: LongTerm) +} + +"Data for reporting a failed report generation attempt." +input ScheduledReportResultFailedInput { + "A list of resulting errors and warnings." + reportErrors: [ReportErrorInput!]! +} + +"Data for reporting a successful report generation attempt." +input ScheduledReportResultSucceededInput { + "Filename of resulting report file." + filename: String! +} + +"Information about a scheduled search" +type ScheduledSearch { + """ + Id of the scheduled search. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + Name of the scheduled search. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + Description of the scheduled search. + Stability: Long-term + """ + description: String @stability(level: LongTerm) + + """ + LogScale query to execute. + Stability: Long-term + """ + queryString: String! @stability(level: LongTerm) + + "Start of the relative time interval for the query." + start: String! @deprecated(reason: "[DEPRECATED: Use 'searchIntervalSeconds' instead. Will be removed at the earliest in version 1.231]") + + "End of the relative time interval for the query." + end: String! @deprecated(reason: "[DEPRECATED: Use 'searchIntervalOffsetSeconds' instead. Will be removed at the earliest in version 1.231]") + + """ + Search interval in seconds. + Stability: Long-term + """ + searchIntervalSeconds: Long! @stability(level: LongTerm) + + """ + Offset of the search interval in seconds. Only present when 'queryTimestampType' is EventTimestamp. + Stability: Long-term + """ + searchIntervalOffsetSeconds: Long @stability(level: LongTerm) + + """ + Maximum number of seconds to wait for ingest delay. Only present when 'queryTimestampType' is IngestTimestamp. + Stability: Long-term + """ + maxWaitTimeSeconds: Long @stability(level: LongTerm) + + """ + Time zone of the schedule. Currently this field only supports UTC offsets like 'UTC', 'UTC-01' or 'UTC+12:45'. + Stability: Long-term + """ + timeZone: String! @stability(level: LongTerm) + + """ + Cron pattern describing the schedule to execute the query on. + Stability: Long-term + """ + schedule: String! @stability(level: LongTerm) + + "User-defined limit, which caps the number of missed searches to backfill, e.g. in the event of a shutdown. If the 'queryTimestampType' is IngestTimestamp this field is not used, but due to backwards compatibility a value of 0 is returned." + backfillLimit: Int! @deprecated(reason: "[DEPRECATED: Use 'backfillLimitV2' instead. Will be removed at the earliest in version 1.231]") + + """ + User-defined limit, which caps the number of missed searches to backfill, e.g. in the event of a shutdown. Only present when 'queryTimestampType' is EventTimestamp. + Stability: Long-term + """ + backfillLimitV2: Int @stability(level: LongTerm) + + """ + Timestamp type to use for the query. + Stability: Long-term + """ + queryTimestampType: QueryTimestampType! @stability(level: LongTerm) + + """ + Flag indicating whether the scheduled search is enabled. + Stability: Long-term + """ + enabled: Boolean! @stability(level: LongTerm) + + """ + Flag indicating whether the scheduled search should trigger when it finds en empty result (no events). + Stability: Long-term + """ + triggerOnEmptyResult: Boolean! @stability(level: LongTerm) + + """ + List of Ids for actions to fire on query result. + Stability: Long-term + """ + actions: [String!]! @stability(level: LongTerm) + + """ + List of actions to fire on query result. + Stability: Long-term + """ + actionsV2: [Action!]! @stability(level: LongTerm) + + """ + Id of user which the scheduled search is running as. + Stability: Long-term + """ + runAsUser: User @stability(level: LongTerm) + + """ + Unix timestamp for end of search interval for last query execution. + Stability: Long-term + """ + lastExecuted: Long @stability(level: LongTerm) + + """ + Unix timestamp for end of search interval for last query execution that triggered. + Stability: Long-term + """ + lastTriggered: Long @stability(level: LongTerm) + + """ + Unix timestamp for next planned search. + Stability: Long-term + """ + timeOfNextPlannedExecution: Long @stability(level: LongTerm) + + """ + Last error encountered while running the search. + Stability: Long-term + """ + lastError: String @stability(level: LongTerm) + + """ + Last warnings encountered while running the scheduled search. + Stability: Long-term + """ + lastWarnings: [String!]! @stability(level: LongTerm) + + """ + Labels added to the scheduled search. + Stability: Long-term + """ + labels: [String!]! @stability(level: LongTerm) + + """ + A template that can be used to recreate the scheduled search. + Stability: Long-term + """ + yamlTemplate: YAML! @stability(level: LongTerm) + + "Stability: Long-term" + packageId: VersionedPackageSpecifier @stability(level: LongTerm) + + "Stability: Long-term" + package: PackageInstallation @stability(level: LongTerm) + + """ + User or token used to modify the asset. + Stability: Preview + """ + modifiedInfo: ModifiedInfo! @stability(level: Preview) + + """ + Ownership of the query run by this scheduled search + Stability: Long-term + """ + queryOwnership: QueryOwnership! @stability(level: LongTerm) + + """ + Allowed asset actions + Stability: Short-term + """ + allowedActions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The resource identifier for this scheduled search. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + Metadata related to the creation of the scheduled search + Stability: Long-term + """ + createdInfo: AssetCommitMetadata @stability(level: LongTerm) +} + +type ScheduledSearchTemplate { + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + displayName: String! @stability(level: LongTerm) + + "Stability: Long-term" + yamlTemplate: String! @stability(level: LongTerm) + + "Stability: Long-term" + labels: [String!]! @stability(level: LongTerm) +} + +"The schema used for the parser. Cannot be given with a yaml schema." +enum Schema { + "Stability: Preview" + ORIGINAL_CPS @stability(level: Preview) + + "Stability: Preview" + ECS_EXTENDED @stability(level: Preview) +} + +type SchemaField { + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + description: String @stability(level: LongTerm) +} + +input SchemaFieldInput { + name: String! + description: String +} + +"Violations detected against the provided schema" +type SchemaViolation { + """ + The name of the field on which the violation was detected + Stability: Short-term + """ + fieldName: String! @stability(level: ShortTerm) + + """ + Error message for the violation + Stability: Short-term + """ + errorMessage: String! @stability(level: ShortTerm) +} + +"An asset permissions search result entry" +type SearchAssetPermissionsResultEntry { + """ + The unique id for the Asset + Stability: Short-term + """ + assetId: String! @stability(level: ShortTerm) + + """ + The name of the Asset + Stability: Short-term + """ + assetName: String! @stability(level: ShortTerm) + + """ + The type of the Asset + Stability: Short-term + """ + assetType: AssetPermissionsAssetType! @stability(level: ShortTerm) + + """ + The search domain that the asset belongs to + Stability: Short-term + """ + searchDomain: SearchDomain @stability(level: ShortTerm) + + """ + The asset actions allowed for this asset + Stability: Short-term + """ + permissions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The resource string representation of this asset. Can be used for assigning asset permissions for this asset + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) +} + +"Common interface for Repositories and Views." +interface SearchDomain { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + name: RepoOrViewName! @stability(level: LongTerm) + + "Stability: Long-term" + description: String @stability(level: LongTerm) + + """ + The point in time the search domain was marked for deletion. + Stability: Long-term + """ + deletedDate: Long @stability(level: LongTerm) + + """ + The point in time the search domain will not be restorable anymore. + Stability: Long-term + """ + permanentlyDeletedAt: Long @stability(level: LongTerm) + + "Stability: Long-term" + isStarred: Boolean! @stability(level: LongTerm) + + """ + Search limit in milliseconds, which searches should are limited to. + Stability: Long-term + """ + searchLimitedMs: Long @stability(level: LongTerm) + + """ + Repositories not part of the search limitation. + Stability: Long-term + """ + reposExcludedInSearchLimit: [String!]! @stability(level: LongTerm) + + """ + Returns a specific version of a package given a package version. + Stability: Long-term + """ + packageV2( + "The package id of the package to get." + packageId: VersionedPackageSpecifier!): Package2! @stability(level: LongTerm) + + """ + The available versions of a package. + Stability: Long-term + """ + packageVersions(packageId: UnversionedPackageSpecifier!): [RegistryPackageVersionInfo!]! @stability(level: LongTerm) + + """ + Returns a list of available packages that can be installed. + Stability: Long-term + """ + availablePackages( + "Filter input to limit the returned packages" + filter: String, + + "Packages with any of these tags will be included. No filtering on tags." + tags: [PackageTag!], + + "Packages with any of these categories will be included." + categories: [String!]): [PackageRegistrySearchResultItem!]! @stability(level: LongTerm) + + """ + List packages installed on a specific view or repo. + Stability: Long-term + """ + installedPackages: [PackageInstallation!]! @stability(level: LongTerm) + + "Stability: Long-term" + hasPackageInstalled(packageId: VersionedPackageSpecifier!): Boolean! @stability(level: LongTerm) + + """ + Users who have access. + Stability: Long-term + """ + users: [User!]! @stability(level: LongTerm) + + """ + Users or groups who has access. + Stability: Long-term + """ + usersAndGroups(search: String, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50): UsersAndGroupsSearchResultSet! @stability(level: LongTerm) + + """ + Search users with a given permission + Stability: Short-term + """ + usersV2( + "Search for a user whose email or name matches this search string" + search: String, + + "Permission that the users must have on the search domain. Leave out to get users with any permission on the view" + permissionFilter: Permission, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50): Users! @stability(level: ShortTerm) + + """ + Groups with assigned roles. + Stability: Long-term + """ + groups: [Group!]! @stability(level: LongTerm) + + "Stability: Long-term" + starredFields: [String!]! @stability(level: LongTerm) + + "Stability: Long-term" + recentQueriesV2: [RecentQuery!]! @stability(level: LongTerm) + + "Stability: Long-term" + automaticSearch: Boolean! @stability(level: LongTerm) + + """ + Check if the current user is allowed to perform the given action on the view. + Stability: Long-term + """ + isActionAllowed( + "The action to check if a user is allowed to perform on a view." + action: ViewAction!): Boolean! @stability(level: LongTerm) + + """ + Returns the all actions the user is allowed to perform on the view. + Stability: Long-term + """ + allowedViewActions: [ViewAction!]! @stability(level: LongTerm) + + """ + The query prefix prepended to each search in this domain. + Stability: Long-term + """ + viewerQueryPrefix: String! @stability(level: LongTerm) + + """ + All tags from all datasources. + Stability: Long-term + """ + tags: [String!]! @stability(level: LongTerm) + + """ + The resource identifier for this search domain. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + The redirected query asset lookup view used for asset resolution when set. Assets like saved queries and lookup files will be resolved from this view instead of the current view. + Stability: Preview + """ + redirectQueryAssetLookupTo: SearchDomain @stability(level: Preview) + + """ + The AWS External ID used when assuming roles in AWS on behalf of this repository. + Stability: Long-term + """ + awsExternalId: String! @stability(level: LongTerm) + + """ + The ARN of the AWS IAM identity that will write to S3 for S3 actions. + Stability: Long-term + """ + s3ActionArn: String @stability(level: LongTerm) + + """ + All interactions defined on the view. + Stability: Long-term + """ + interactions: [ViewInteraction!]! @stability(level: LongTerm) + + """ + A saved alert + Stability: Long-term + """ + alert(id: String!): Alert! @stability(level: LongTerm) + + """ + Saved alerts. + Stability: Long-term + """ + alerts: [Alert!]! @stability(level: LongTerm) + + """ + A saved dashboard. + Stability: Long-term + """ + dashboard(id: String!): Dashboard! @stability(level: LongTerm) + + """ + All dashboards available on the view. + Stability: Long-term + """ + dashboards: [Dashboard!]! @stability(level: LongTerm) + + """ + A saved filter alert + Stability: Long-term + """ + filterAlert( + "Id of the filter alert. Supply either 'id' or 'name'." + id: String, + + "Name of the filter alert. Filter alerts in packages can be referred to as \"packagescope/packagename:alertname\". Supply either 'id' or 'name'." + name: String): FilterAlert! @stability(level: LongTerm) + + """ + Saved filter alerts. + Stability: Long-term + """ + filterAlerts: [FilterAlert!]! @stability(level: LongTerm) + + """ + A saved aggregate alert + Stability: Long-term + """ + aggregateAlert( + "Id of the aggregate alert. Supply either 'id' or 'name'." + id: String, + + "Name of the aggregate alert. Aggregate alerts in packages can be referred to as \"packagescope/packagename:alertname\". Supply either 'id' or 'name'." + name: String): AggregateAlert! @stability(level: LongTerm) + + """ + Saved aggregate alerts. + Stability: Long-term + """ + aggregateAlerts: [AggregateAlert!]! @stability(level: LongTerm) + + """ + A saved scheduled search. + Stability: Long-term + """ + scheduledSearch( + "Id of the scheduled search. Supply either 'id' or 'name'." + id: String, + + "Name of the scheduled search. Scheduled searches in packages can be referred to as \"packagescope/packagename:scheduledsearchname\". Supply either 'id' or 'name'." + name: String): ScheduledSearch! @stability(level: LongTerm) + + """ + Saved scheduled searches. + Stability: Long-term + """ + scheduledSearches: [ScheduledSearch!]! @stability(level: LongTerm) + + """ + A saved action. + Stability: Long-term + """ + action( + "The id of the action to get." + id: String!): Action! @stability(level: LongTerm) + + """ + A list of saved actions. + Stability: Long-term + """ + actions( + "The result will only include actions with the specified ids. Omit to find all actions." + actionIds: [String!]): [Action!]! @stability(level: LongTerm) + + """ + A saved query. + Stability: Long-term + """ + savedQuery(id: String!): SavedQuery! @stability(level: LongTerm) + + """ + Saved queries. + Stability: Long-term + """ + savedQueries: [SavedQuery!]! @stability(level: LongTerm) + + "Stability: Long-term" + defaultQuery: SavedQuery @stability(level: LongTerm) + + "Stability: Long-term" + files: [File!]! @stability(level: LongTerm) + + "Stability: Long-term" + fileFieldSearch( + "Name of the csv or json file to retrieve the field entries from." + fileName: String!, + + "Name of the field in the file to return entries from." + fieldName: String!, + + "Text to filter values by prefix on." + prefixFilter: String, + + "The exact values that given fields should have for an entry to be part of the result." + valueFilters: [FileFieldFilterType!]!, + + "Names of the fields to include in the result." + fieldsToInclude: [String!]!, + + "Maximum number of values to retrieve from the file." + maxEntries: Int!): [[DictionaryEntryType!]!]! @stability(level: LongTerm) + + """ + Saved scheduled reports. + Stability: Long-term + """ + scheduledReports: [ScheduledReport!]! @stability(level: LongTerm) + + """ + Saved scheduled report. + Stability: Long-term + """ + scheduledReport( + "The id of the scheduled report to get." + id: String!): ScheduledReport @stability(level: LongTerm) +} + +"An asset in a search domain." +type SearchDomainAsset { + """ + The id of the asset. + Stability: Short-term + """ + id: String! @stability(level: ShortTerm) + + """ + The name of the asset. + Stability: Short-term + """ + name: String! @stability(level: ShortTerm) + + """ + The type of the asset. + Stability: Short-term + """ + assetType: AssetPermissionsAssetType! @stability(level: ShortTerm) + + """ + The id of the search domain. + Stability: Short-term + """ + searchDomainId: String! @stability(level: ShortTerm) + + """ + The name of the search domain. + Stability: Short-term + """ + searchDomainName: String! @stability(level: ShortTerm) + + """ + The resource string representation of this asset. Can be used for assigning asset permissions for this asset + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) +} + +"A result set containing information about search domain assets." +type SearchDomainAssetsResultSet { + """ + The total number of matching results. + Stability: Short-term + """ + totalResults: Int! @stability(level: ShortTerm) + + """ + The paginated result set. + Stability: Short-term + """ + results: [SearchDomainAsset!]! @stability(level: ShortTerm) +} + +"A page of searchDomains." +type SearchDomainPage { + "Stability: Long-term" + pageInfo: PageType! @stability(level: LongTerm) + + "Stability: Long-term" + page: [SearchDomain!]! @stability(level: LongTerm) +} + +"The role assigned in a searchDomain." +type SearchDomainRole { + "Stability: Long-term" + searchDomain: SearchDomain! @stability(level: LongTerm) + + "Stability: Long-term" + role: Role! @stability(level: LongTerm) +} + +"The search domain search result set" +type SearchDomainSearchResultSet { + """ + The total number of matching results + Stability: Long-term + """ + totalResults: Int! @stability(level: LongTerm) + + """ + The paginated result set + Stability: Long-term + """ + results: [SearchDomain!]! @stability(level: LongTerm) +} + +enum SearchDomainTypes { + All + Repository + Views +} + +"Aggregations for search fleet result set" +type SearchFleetAggregations { + "Stability: Short-term" + status: SearchFleetStatus! @stability(level: ShortTerm) + + "Stability: Short-term" + versions: [SearchFleetVersions!]! @stability(level: ShortTerm) + + "Stability: Short-term" + allVersions: [String!]! @stability(level: ShortTerm) + + "Stability: Short-term" + os: SearchFleetSystems! @stability(level: ShortTerm) + + "Stability: Short-term" + ingest: SearchFleetIngest! @stability(level: ShortTerm) +} + +"The fleet search has not finished yet" +type SearchFleetInProgress { + "Stability: Short-term" + queryState: String! @stability(level: ShortTerm) + + "Stability: Short-term" + totalResultsInfo: SearchFleetTotalResultInfo! @stability(level: ShortTerm) + + """ + The total number of matching results + Stability: Short-term + """ + totalResults: Int! @stability(level: ShortTerm) + + """ + Aggregations of the result set + Stability: Short-term + """ + aggregations: SearchFleetAggregations @stability(level: ShortTerm) + + """ + The paginated result set + Stability: Short-term + """ + results: [LogCollector!]! @stability(level: ShortTerm) +} + +"Ingest aggregation for search fleet result set" +type SearchFleetIngest { + "Stability: Short-term" + volume: Long! @stability(level: ShortTerm) +} + +"A fleet installation token search result set" +type SearchFleetInstallationTokenResultSet { + """ + The total number of matching results + Stability: Short-term + """ + totalResults: Int! @stability(level: ShortTerm) + + """ + The paginated result set + Stability: Short-term + """ + results: [FleetInstallationToken!]! @stability(level: ShortTerm) +} + +enum SearchFleetOsFilter { + Linux + MacOS + Unknown + Windows +} + +"A fleet search result set" +type SearchFleetResultSet { + "Stability: Short-term" + queryState: String! @stability(level: ShortTerm) + + "Stability: Short-term" + totalResultsInfo: SearchFleetTotalResultInfo! @stability(level: ShortTerm) + + """ + The total number of matching results + Stability: Short-term + """ + totalResults: Int! @stability(level: ShortTerm) + + """ + Aggregations of the result set + Stability: Short-term + """ + aggregations: SearchFleetAggregations @stability(level: ShortTerm) + + """ + The paginated result set + Stability: Short-term + """ + results: [LogCollector!]! @stability(level: ShortTerm) +} -Stability: Long-term -""" - usersAndGroupsForChangingUserAccess( - search: String - searchDomainId: String! -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int - ): UsersAndGroupsSearchResultSet! -""" -Requires either root access, org owner access or permission to manage users in at least one repository or view. Returns a page of all users in an organization. -Stability: Long-term -""" - usersPage( - orderBy: OrderByUserFieldInput - search: String - pageNumber: Int! - pageSize: Int! - ): UsersPage! -""" -Return users without organizations -Stability: Short-term -""" - usersWithoutOrganizations: [User!]! -""" -Validate the Access Token -Stability: Short-term -""" - validateAccessToken( - accessToken: String! - ): String! -""" -Validate the Access Token -Stability: Long-term -""" - validateAccessTokenV2( - accessToken: String! - ): AccessTokenValidatorResultType! -""" -Check that a query compiles. -Stability: Preview -""" - validateQuery( - queryString: String! - version: LanguageVersionEnum! - isLive: Boolean - arguments: [QueryArgument!] - ): QueryValidationResult! -""" -Validate the JWT Token -Stability: Long-term -""" - validateToken( - jwtToken: String! - ): Boolean! -""" -The currently authenticated user's account. -Stability: Long-term -""" - viewer: Account! -""" -The currently authenticated user's account if any. -Stability: Long-term -""" - viewerOpt: Account -""" -Get the list of keys being used to select queries for tracing on workers. -Stability: Preview -""" - workerQueryTracingState: WorkerQueryTracingState! +"Status aggregation for search fleet result set" +type SearchFleetStatus { + "Stability: Short-term" + errored: Int! @stability(level: ShortTerm) + + "Stability: Short-term" + ok: Int! @stability(level: ShortTerm) } -""" -An argument to a query -""" -input QueryArgument { -""" -An argument to a query -""" - name: String! -""" -An argument to a query -""" - value: String! +enum SearchFleetStatusFilter { + Error + OK } -""" -An argument for a query. -""" -input QueryArgumentInputType { -""" -An argument for a query. -""" - name: String! -""" -An argument for a query. -""" - value: String! +"Systems aggregation for search fleet result set" +type SearchFleetSystems { + "Stability: Short-term" + windows: Int! @stability(level: ShortTerm) + + "Stability: Short-term" + macOs: Int! @stability(level: ShortTerm) + + "Stability: Short-term" + linux: Int! @stability(level: ShortTerm) } -""" -Either a successful assistance result, or an error -""" -union QueryAssistantAssistance =QueryAssistantSuccess | QueryAssistantError +"Information about the returned result set." +union SearchFleetTotalResultInfo = OnlyTotal | GroupFilterInfo -type QueryAssistantDiagnostic { -""" -Stability: Preview -""" - message: QueryAssistantDiagnosticMessage! -""" -Stability: Preview -""" - position: QueryAssistantDiagnosticPosition -""" -Stability: Preview -""" - severity: QueryAssistantDiagnosticSeverity! +"Query result for search fleet" +union SearchFleetUnion = SearchFleetResultSet | SearchFleetInProgress + +input SearchFleetVersionFilter { + version: String + needsUpdate: Boolean } -type QueryAssistantDiagnosticMessage { -""" -Stability: Preview -""" - what: String! -""" -Stability: Preview -""" - terse: String! -""" -Stability: Preview -""" - code: String! +"Version aggregation for search fleet result set" +type SearchFleetVersions { + "Stability: Short-term" + version: String! @stability(level: ShortTerm) + + "Stability: Short-term" + count: Int! @stability(level: ShortTerm) } -type QueryAssistantDiagnosticPosition { -""" -Stability: Preview -""" - column: Int! -""" -Stability: Preview -""" - line: Int! -""" -Stability: Preview -""" - beginOffset: Int! -""" -Stability: Preview -""" - endOffset: Int! -""" -Stability: Preview -""" - longString: String! +type SearchLinkInteraction { + "Stability: Long-term" + repoOrViewName: RepoOrViewName @stability(level: LongTerm) + + "Stability: Long-term" + queryString: String! @stability(level: LongTerm) + + "Stability: Long-term" + arguments: [DictionaryEntryType!]! @stability(level: LongTerm) + + "Stability: Long-term" + openInNewTab: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + useWidgetTimeWindow: Boolean! @stability(level: LongTerm) } -enum QueryAssistantDiagnosticSeverity { - Hint - Information - Warning - Error +input SearchLinkInteractionInput { + name: String! + titleTemplate: String + repoOrViewName: RepoOrViewName + queryString: String! + isLive: Boolean! + arguments: [ArgumentInput!]! + openInNewTab: Boolean! + useWidgetTimeWindow: Boolean! + fieldInteractionConditions: [FieldInteractionConditionInput!] +} + +"A log collector configuration search result set" +type SearchLogCollectorConfigurationResultSet { + """ + The total number of matching results + Stability: Short-term + """ + totalResults: Int! @stability(level: ShortTerm) + + """ + The paginated result set + Stability: Short-term + """ + results: [LogCollectorConfiguration!]! @stability(level: ShortTerm) } -type QueryAssistantError { -""" -Stability: Preview -""" - error: String! +"A log collector group search result set" +type SearchLogCollectorGroupsResultSet { + """ + The total number of matching results + Stability: Short-term + """ + totalResults: Int! @stability(level: ShortTerm) + + """ + The paginated result set + Stability: Short-term + """ + results: [LogCollectorGroup!]! @stability(level: ShortTerm) } -""" -An assistance result and a version of the query assistant -""" -type QueryAssistantResult { -""" -The assistant version. -Stability: Preview -""" - version: String! -""" -The query assistance for the given search. -Stability: Preview -""" - assistance: QueryAssistantAssistance! +type SearchResult { + """ + The total number of results that matched the search query. Only [pageSize] elements will be returned. + Stability: Short-term + """ + totalResults: Int! @stability(level: ShortTerm) + + "Stability: Short-term" + data: [EntitySearchResultEntity!]! @stability(level: ShortTerm) + + "Stability: Short-term" + cursor: String @stability(level: ShortTerm) + + "Stability: Short-term" + hasNextPage: Boolean! @stability(level: ShortTerm) + + "Stability: Short-term" + hasPreviousPage: Boolean! @stability(level: ShortTerm) +} + +enum Searchdomain__SortBy { + Name + Volume + DeletedAt + LimitName +} + +"A handle for a secret" +type SecretHandle { + """ + Id of the secret handle. + Stability: Preview + """ + id: String! @stability(level: Preview) + + """ + Name of the secret handle. + Stability: Preview + """ + name: String! @stability(level: Preview) + + """ + Description of the secret handle. + Stability: Preview + """ + description: String! @stability(level: Preview) + + """ + Name of the feature associated with this secret. + Stability: Preview + """ + featureName: String! @stability(level: Preview) + + """ + Pointer to the secret in an external secret management system. + Stability: Preview + """ + secretPointer: SecretPointer! @stability(level: Preview) + + """ + Timestamp, in milliseconds, of when the secret handle was created. + Stability: Preview + """ + createdAt: Long! @stability(level: Preview) + + """ + Timestamp, in milliseconds, of when the secret handle was last updated. + Stability: Preview + """ + lastUpdatedAt: Long @stability(level: Preview) +} + +"Pointer to the secret in an external secret management system." +union SecretPointer = AwsSecretsManagerSecret + +"A dashboard section." +type Section { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + title: String @stability(level: LongTerm) + + "Stability: Long-term" + description: String @stability(level: LongTerm) + + "Stability: Long-term" + collapsed: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + timeSelector: TimeInterval @stability(level: LongTerm) + + "Stability: Long-term" + widgetIds: [String!]! @stability(level: LongTerm) + + "Stability: Long-term" + order: Int! @stability(level: LongTerm) +} + +input SectionInput { + id: String! + title: String + description: String + collapsed: Boolean! + timeSelector: TimeIntervalInput + widgetIds: [String!]! + order: Int! +} + +"Segment details" +type Segment { + "Stability: Preview" + id: String! @stability(level: Preview) + + """ + The timestamp of the first event contained in the segment. + Stability: Preview + """ + start: Long! @stability(level: Preview) + + """ + The timestamp of the last event contained in the segment. + Stability: Preview + """ + end: Long! @stability(level: Preview) + + """ + Information about the cluster's hosts that have this segment in local storage. Note this field is not necessarily populated, in such cases the segment can still be found in bucket. + Stability: Preview + """ + currentHosts: [ClusterNode!]! @stability(level: Preview) + + """ + The time when this segment was marked deleted. Segments are actually deleted after at least MINUTES_BEFORE_TOMBSTONE_DELETION_NO_CURRENTS minutes. + Stability: Preview + """ + deletedAt: Long @stability(level: Preview) + + "Stability: Preview" + organization: Organization! @stability(level: Preview) + + "Stability: Preview" + repository: Repository! @stability(level: Preview) + + "Stability: Preview" + datasource: Datasource! @stability(level: Preview) +} + +scalar SemanticVersion + +type SeriesConfig { + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + title: String @stability(level: LongTerm) + color: String @deprecated(reason: "[DEPRECATED: Field has been replaced by a new version. Use 'colorV2' instead. Will be removed at the earliest in version 1.267]") + + """ + The color of the series. + Stability: Long-term + """ + colorV2: Color @stability(level: LongTerm) +} + +"At least one of title, color, and themedColor must be specified. At most one of color and themedColor can be specified." +input SeriesConfigInput { + name: String! + title: String + + "A hex color." + color: String + + "A themed color for the series." + themedColor: ThemedColorInput +} + +input ServiceLevelIndicatorLogArg { + frontendVersion: String! + content: JSON! +} + +"Metadata about a registered service" +type ServiceMetadata { + """ + The name of the service + Stability: Preview + """ + name: String! @stability(level: Preview) + + """ + The type of the service + Stability: Preview + """ + serviceType: String! @stability(level: Preview) + + """ + The endpoint of the service + Stability: Preview + """ + endpointUrl: String! @stability(level: Preview) + + """ + The version of the service + Stability: Preview + """ + version: String! @stability(level: Preview) + + """ + The health status of the service + Stability: Preview + """ + healthStatus: HealthStatus! @stability(level: Preview) +} + +"An active session." +type Session { + """ + The id of the session + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + Client info. + Stability: Long-term + """ + clientInfo: String! @stability(level: LongTerm) + + """ + Approximate city from IP + Stability: Long-term + """ + city: String @stability(level: LongTerm) + + """ + Country from IP + Stability: Long-term + """ + country: String @stability(level: LongTerm) + + """ + The IP of the client when the session was created. + Stability: Long-term + """ + ip: String! @stability(level: LongTerm) + + """ + The user that created the session. + Stability: Long-term + """ + user: User! @stability(level: LongTerm) + + """ + The time at which the session was created. + Stability: Long-term + """ + createdAt: Long @stability(level: LongTerm) + + """ + The time at which the session was last active. + Stability: Long-term + """ + lastActivityAt: Long @stability(level: LongTerm) + + """ + If the session is the current session for the user. + Stability: Long-term + """ + isCurrentSession: Boolean! @stability(level: LongTerm) +} + +input SessionInput { + maxInactivityPeriod: Long! + forceReauthenticationAfter: Long! +} + +"The session query result set" +type SessionQueryResultSet { + """ + The total number of matching results + Stability: Long-term + """ + totalResults: Int! @stability(level: LongTerm) + + """ + The paginated result set + Stability: Long-term + """ + results: [Session!]! @stability(level: LongTerm) +} + +enum SessionRevocation__Type { + Organization + Session + User +} + +enum Sessions__Filter_Level { + Organization + User +} + +enum Sessions__SortBy { + ClientInfo + IPAddress + LastActivityTime + Location + LoginTime + User +} + +input SetDefaultSavedQueryInput { + savedQueryId: String + viewName: String! +} + +"Data for setting force stop state on an ingest feed" +input SetForceStopOnIngestFeed { + "Name of the repository of the ingest feed." + repositoryName: RepoOrViewName! + + "Id of the ingest feed." + id: String! + + "Whether to force stop (true) or resume (false) the ingest feed" + forceStopState: Boolean! +} + +"Data to set a global default cache policy" +input SetGlobalDefaultCachePolicyInput { + "Policy to set" + policy: CachePolicyInput! +} + +input SetLimitDisplayNameInput { + limitName: String! + displayName: String +} + +"Data for setting offset for datasources on partition type." +input SetOffsetForDatasourcesOnPartitionInput { + "The starting offset for the ingest partition." + offset: Long! + + "The ingest partition to set the starting offset for." + partition: Int! +} + +"Data to set a organization default cache policy" +input SetOrgDefaultCachePolicyInput { + "Policy to set" + policy: CachePolicyInput! +} + +input SetPrimarySubdomainInput { + subdomain: String! +} + +"Data to set a repo cache policy" +input SetRepoCachePolicyInput { + "Name of repository" + repositoryName: String! + + "Policy to set" + policy: CachePolicyInput! +} + +"Data for updating search limit on a search domain." +input SetSearchLimitForSearchDomain { + "Id of the view." + id: String! + + "Search limit in milliseconds, which searches should be limited to." + searchLimitMs: Long! + + "Repositories not part of the search limitation." + excludedRepoIds: [String!]! +} + +input SetSubdomainSettingsInput { + primarySubdomain: String! + secondarySubdomains: [String!] + enforceSubdomains: Boolean! +} + +"Output diagnostic from query validation." +enum Severity { + Error + Warning + Information + Hint +} + +"Represents information about a dashboard shared through a link." +type SharedDashboard { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + displayName: String! @stability(level: LongTerm) + + """ + The ip filter on the shared dashboard. + Stability: Long-term + """ + ipFilter: IPFilter @stability(level: LongTerm) + + "Stability: Long-term" + sharedTimeInterval: SharedDashboardTimeInterval @stability(level: LongTerm) + + """ + The name of the repository or view queries are executed against. + Stability: Long-term + """ + repoOrViewName: RepoOrViewName! @stability(level: LongTerm) + + "Stability: Long-term" + widgets: [Widget!]! @stability(level: LongTerm) + + "Stability: Long-term" + sections: [Section!]! @stability(level: LongTerm) + + "Stability: Long-term" + series: [SeriesConfig!]! @stability(level: LongTerm) + + "Stability: Short-term" + seriesColorPalette: String @stability(level: ShortTerm) + + """ + The resource identifier for this dashboard. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) +} + +"Time Interval that is active on all dashboard widgets" +type SharedDashboardTimeInterval { + "Stability: Long-term" + isLive: Boolean! @stability(level: LongTerm) + + "Stability: Long-term" + start: String! @stability(level: LongTerm) + + "Stability: Long-term" + end: String! @stability(level: LongTerm) +} + +"Security policies for shared dashboards in the organization" +type SharedDashboardsSecurityPolicies { + """ + Whether shared dashboard tokens are enabled + Stability: Short-term + """ + sharedDashboardsEnabled: Boolean! @stability(level: ShortTerm) + + """ + The IP filter that is enforced on all shared dashboards + Stability: Short-term + """ + enforceIpFilter: IPFilter @stability(level: ShortTerm) +} + +"Data for updating shared dashboards security policies" +input SharedDashboardsSecurityPoliciesInput { + "Whether shared dashboard tokens should be enabled" + sharedDashboardsEnabled: Boolean! + + "The IP filter that will be enforced on all shared dashboard tokens" + enforceIpFilterId: String +} + +enum ShowTermsAndConditions { + LogScaleEula + None + StandardMandatoryDoDNoticeAndConsent +} + +"A Slack action" +type SlackAction implements Action { + """ + Slack webhook url to send the request to. + Stability: Long-term + """ + url: String! @stability(level: LongTerm) + + """ + Fields to include within the Slack message. Can be templated with values from the result. + Stability: Long-term + """ + fields: [SlackFieldEntry!]! @stability(level: LongTerm) + + """ + Defines whether the action should use the configured HTTP proxy to send requests. + Stability: Long-term + """ + useProxy: Boolean! @stability(level: LongTerm) + + """ + The name of the action. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + The display name of the action. + Stability: Long-term + """ + displayName: String! @stability(level: LongTerm) + + """ + The id of the action. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + A template that can be used to recreate the action. + Stability: Long-term + """ + yamlTemplate: YAML! @stability(level: LongTerm) + + "Stability: Long-term" + packageId: VersionedPackageSpecifier @stability(level: LongTerm) + + """ + The package, if any, which the action is part of. + Stability: Long-term + """ + package: PackageInstallation @stability(level: LongTerm) + + """ + False if this type of action is disabled because of a security policy, true otherwise + Stability: Long-term + """ + isAllowedToRun: Boolean! @stability(level: LongTerm) + + """ + True if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. + Stability: Long-term + """ + requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! @stability(level: LongTerm) + + """ + Allowed asset actions + Stability: Short-term + """ + allowedActions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The resource identifier for this action. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + Metadata related to the creation of the action + Stability: Long-term + """ + createdInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Metadata related to the latest modification of the action + Stability: Long-term + """ + modifiedInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Labels to categorize the action. + Stability: Preview + """ + labels: [String!] @stability(level: Preview) +} + +"Field entry in a Slack message" +type SlackFieldEntry { + """ + Key of a Slack field. + Stability: Long-term + """ + fieldName: String! @stability(level: LongTerm) + + """ + Value of a Slack field. + Stability: Long-term + """ + value: String! @stability(level: LongTerm) +} + +"Slack message field entry." +input SlackFieldEntryInput { + "Key of a Slack field." + fieldName: String! + + "Value of a Slack field." + value: String! +} + +"A slack post-message action." +type SlackPostMessageAction implements Action { + """ + Api token to authenticate with Slack. + Stability: Long-term + """ + apiToken: String! @stability(level: LongTerm) + + """ + List of Slack channels to message. + Stability: Long-term + """ + channels: [String!]! @stability(level: LongTerm) + + """ + Fields to include within the Slack message. Can be templated with values from the result. + Stability: Long-term + """ + fields: [SlackFieldEntry!]! @stability(level: LongTerm) + + """ + Defines whether the action should use the configured HTTP proxy to send requests. + Stability: Long-term + """ + useProxy: Boolean! @stability(level: LongTerm) + + """ + The name of the action. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + The display name of the action. + Stability: Long-term + """ + displayName: String! @stability(level: LongTerm) + + """ + The id of the action. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + A template that can be used to recreate the action. + Stability: Long-term + """ + yamlTemplate: YAML! @stability(level: LongTerm) + + "Stability: Long-term" + packageId: VersionedPackageSpecifier @stability(level: LongTerm) + + """ + The package, if any, which the action is part of. + Stability: Long-term + """ + package: PackageInstallation @stability(level: LongTerm) + + """ + False if this type of action is disabled because of a security policy, true otherwise + Stability: Long-term + """ + isAllowedToRun: Boolean! @stability(level: LongTerm) + + """ + True if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. + Stability: Long-term + """ + requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! @stability(level: LongTerm) + + """ + Allowed asset actions + Stability: Short-term + """ + allowedActions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The resource identifier for this action. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + Metadata related to the creation of the action + Stability: Long-term + """ + createdInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Metadata related to the latest modification of the action + Stability: Long-term + """ + modifiedInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Labels to categorize the action. + Stability: Preview + """ + labels: [String!] @stability(level: Preview) +} + +enum SocialLoginField { + AllowAll + DenyAll + AllowSelected +} + +"Social login configuration for the organization" +type SocialLoginSettings { + """ + Social provider + Stability: Short-term + """ + provider: SocialProviderProfile! @stability(level: ShortTerm) + + """ + Filter + Stability: Short-term + """ + filter: SocialLoginField! @stability(level: ShortTerm) + + """ + Allowed users + Stability: Short-term + """ + allowList: [User!]! @stability(level: ShortTerm) +} + +input SocialLoginSettingsInput { + socialProviderProfile: SocialProviderProfile! + filter: SocialLoginField! + allowList: [String!]! +} + +enum SocialProviderProfile { + Google + Github + Bitbucket +} + +"The sort by options for assets." +enum SortBy { + Name + SearchDomain +} + +"Field to sort queries by" +enum SortField { + Age + DeltaLiveCPU + DeltaLiveCost + DeltaStaticCPU + DeltaStaticCost + DeltaTotalCost + DeltaTotalMemoryAllocation + InitiatedBy + LiveCost + StaticCost + Status + TotalCost + TotalLiveCPU + TotalMemoryAllocation + TotalStaticCPU + View +} + +"Order to sort queries by" +enum SortOrder { + Ascending + Descending +} + +"Returns a query that gives the underlying events for some specified fields. queryArguments are names of free variables in the query, prefixed with a ?.For example, 'foo=?bar | count()' has the queryArgument bar." +type SourceEventsQueryResultType { + "Stability: Preview" + query: String @stability(level: Preview) + + "Stability: Preview" + queryArguments: [String!]! @stability(level: Preview) + + "Stability: Preview" + diagnostics: [QueryDiagnostic!]! @stability(level: Preview) +} + +type Stability { + "Stability: Long-term" + level: StabilityLevel! @stability(level: LongTerm) +} + +"How stable a field or enum value is." +enum StabilityLevel { + "This part of the API is still under development and can change without warning." + Preview + + "This part of the API is short-term stable which means that breaking changes will be announced 12 weeks in advance, except in extraordinary situations like security issues." + ShortTerm + + "This part of the API is long-term stable which means that breaking changes will be announced 1 year in advance, except in extraordinary situations like security issues." + LongTerm +} + +input StandardSearchQueryKindInputType { + justIgnoreMe_: Int } -type QueryAssistantSuccess { -""" -Stability: Preview -""" - result: String! -""" -Stability: Preview -""" - diagnostics: [QueryAssistantDiagnostic!]! +"A static color." +type StaticColor { + """ + A hex color. + Stability: Long-term + """ + color: String! @stability(level: LongTerm) } -""" -An interaction for a query based widget -""" -type QueryBasedWidgetInteraction { -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - titleTemplate: String -""" -Stability: Long-term -""" - conditions: [WidgetInteractionCondition!]! -""" -Stability: Long-term -""" - typeInfo: QueryBasedWidgetInteractionTypeInfo! +input StopQueriesInput { + "Whether to stop queries globally. Requires the ManageCluster permission." + clusterWide: Boolean = false } -union QueryBasedWidgetInteractionTypeInfo =DashboardLinkInteraction | CustomLinkInteraction | SearchLinkInteraction | UpdateParametersInteraction +type StorageOnDay { + "Stability: Long-term" + date: DateTime! @stability(level: LongTerm) -""" -Result of concatenating queries. -""" -type QueryConcatenationInfo { -""" -Stability: Short-term -""" - concatenatedQuery: String! -""" -Stability: Short-term -""" - validationResult: QueryValidationInfo! + "Stability: Long-term" + storageBytes: Long! @stability(level: LongTerm) + + "Stability: Long-term" + limit: UsageLimit! @stability(level: LongTerm) } -""" -A diagnostic message from query validation. -""" -type QueryDiagnostic { -""" -Stability: Preview -""" - message: String! -""" -Stability: Preview -""" - code: String! -""" -Stability: Preview -""" - severity: Severity! +type StoredData { + "Stability: Long-term" + currentBytes: Long! @stability(level: LongTerm) + + "Stability: Long-term" + limit: UsageLimit! @stability(level: LongTerm) } -""" -Diagnostic information for a query. -""" -type QueryDiagnosticInfoOutputType { -""" -The diagnostic message. -Stability: Short-term -""" - message: String! -""" -The code for the diagnostic. -Stability: Short-term -""" - code: String! -""" -The severity of the diagnostic. -Stability: Short-term -""" - severity: String! +"The specification of a string parameter." +input StringParameterInput { + "An optional default value for the parameter. If a default value is not present, the parameter is required." + defaultValue: String } -type QueryInProgress { -""" -Stability: Long-term -""" - queryId: String! +"Subdomain configuration for the organization" +type SubdomainConfig { + """ + The primary subdomain of the organization + Stability: Short-term + """ + primarySubdomain: String! @stability(level: ShortTerm) + + """ + The secondary subdomains of the organization + Stability: Short-term + """ + secondarySubdomains: [String!]! @stability(level: ShortTerm) + + """ + EnforceSubdomain, if set to true the organization can only be accessed by the subdomain, otherwise it can also be accessed directly at the cluster domain url. + Stability: Short-term + """ + enforceSubdomains: Boolean! @stability(level: ShortTerm) } -""" -Language restrictions for language version. -""" -type QueryLanguageRestriction { -""" -Stability: Preview -""" - version: LanguageVersion! -""" -Stability: Preview -""" - allowedFunctions: [String!]! -""" -Stability: Preview -""" - enabled: Boolean! +type SuggestedAlertTypeInfo { + """ + The suggested alert type. + Stability: Short-term + """ + alertType: AlertType! @stability(level: ShortTerm) } -""" -Query ownership -""" -interface QueryOwnership { -""" -Query ownership -""" - id: String! +"Committed by a supporter." +type SupportUserCommitAuthor implements AssetCommitAuthor { + """ + A common string representation of an author + Stability: Long-term + """ + displayString: String! @stability(level: LongTerm) } -type QueryPrefixes { -""" -Stability: Long-term -""" - viewId: String! -""" -Stability: Long-term -""" - queryPrefix: String! +"Actions a user may perform on the system." +enum SystemAction { + AdministerCloud + AdministerCluster + AdministerOrganizations + AdministerSystemPermissions + AdministerTokens + ChangeSharedFiles + ChangeSubdomain + DeleteOrganizations + ViewOrganizations + ViewSubdomain +} + +"Committed by LogScale system." +type SystemCommitAuthor implements AssetCommitAuthor { + """ + A common string representation of an author + Stability: Long-term + """ + displayString: String! @stability(level: LongTerm) +} + +"System permissions" +enum SystemPermission { + ReadHealthCheck + ViewOrganizations + ManageOrganizations + ImportOrganization + DeleteOrganizations + ChangeSystemPermissions + ManageCluster + IngestAcrossAllReposWithinCluster + DeleteHumioOwnedRepositoryOrView + ChangeUsername + ChangeFeatureFlags + ChangeSubdomains + ListSubdomains + PatchGlobal + ChangeBucketStorage + ManageOrganizationLinks +} + +"System permissions token. The token allows the caller to work with system-level permissions." +type SystemPermissionsToken implements Token { + """ + The set of permissions on the token + Stability: Long-term + """ + permissions: [String!]! @stability(level: LongTerm) + + """ + The id of the token. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + The name of the token. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + The time at which the token expires. + Stability: Long-term + """ + expireAt: Long @stability(level: LongTerm) + + """ + The ip filter on the token. + Stability: Long-term + """ + ipFilter: String @stability(level: LongTerm) + + """ + The ip filter on the token. + Stability: Long-term + """ + ipFilterV2: IPFilter @stability(level: LongTerm) + + """ + The date the token was created. + Stability: Long-term + """ + createdAt: Long! @stability(level: LongTerm) +} + +"A tag on a datasource." +type Tag { + "Stability: Short-term" + key: String! @stability(level: ShortTerm) + + "Stability: Short-term" + value: String! @stability(level: ShortTerm) } -type QueryQuotaExceeded { -""" -Stability: Short-term -""" - kind: QueryQuotaMeasurementKind! -""" -Stability: Short-term -""" - resetsAt: Long! +"Describes the number of groups that tag values get distributed into for a given tag." +type TagGroupingRule { + "Stability: Short-term" + tagName: String! @stability(level: ShortTerm) + + "Stability: Short-term" + groupCount: Int! @stability(level: ShortTerm) } -enum QueryQuotaInterval { - PerDay - PerHour - PerTenMinutes - PerMinute +"The grouping rule for a given tag." +input TagGroupingRuleInput { + "The tag name to which the rule will apply." + tagName: String! + + "The number of groups the tag will be split into." + groupCount: Int! } -type QueryQuotaIntervalSetting { -""" -Stability: Short-term -""" - interval: QueryQuotaInterval! -""" -Stability: Short-term -""" - measurementKind: QueryQuotaMeasurementKind! -""" -Stability: Short-term -""" - value: Long -""" -Stability: Short-term -""" - valueKind: QueryQuotaIntervalSettingKind! -""" -Stability: Short-term -""" - source: QueryQuotaIntervalSettingSource! +type TagInfo { + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + value: String! @stability(level: LongTerm) } -enum QueryQuotaIntervalSettingKind { - Limitless - Limited +input TagsInput { + name: String! + value: String! } -enum QueryQuotaIntervalSettingSource { - Default - UserSpecified +enum Targets { + All + Group + Root + OrgRoot } -enum QueryQuotaMeasurementKind { - StaticCost - LiveCost - QueryCount +"Data for testing an ingest feed that uses AWS S3 and SQS" +input TestAwsS3SqsIngestFeed { + "Name of the repository of the ingest feed." + repositoryName: RepoOrViewName! + + "How to authenticate to AWS." + authentication: IngestFeedAwsAuthenticationInput! + + "AWS SQS queue url." + sqsUrl: String! + + "The AWS region to connect to." + region: String! } -type QueryQuotaUsage { -""" -Stability: Short-term -""" - interval: QueryQuotaInterval! -""" -Stability: Short-term -""" - queryCount: Int! -""" -Stability: Short-term -""" - staticCost: Long! -""" -Stability: Short-term -""" - liveCost: Long! +"Data for testing an ingest feed that uses Azure Event Hubs." +input TestAzureEventHubIngestFeed { + "Name of the repository of the ingest feed." + repositoryName: RepoOrViewName! + + "Fully qualified namespace of the Event Hub. Often structured like this: .servicebus.windows.net" + eventHubFullyQualifiedNamespace: String! + + "Name of the Event Hub." + eventHubName: String! + + "Consumer group for the Event Hub" + consumerGroup: String! + + "Configuration for how the Event Hub checkpoints should be handled." + checkpointHandling: AzureEventHubsCheckpointHandlingInput! + + "Authentication method for Azure event hub." + authentication: AzureEventHubsAuthenticationInput! } -""" -Query Quota Settings for a particular user -""" -type QueryQuotaUserSettings { -""" -Username of the user for which these Query Quota Settings apply -Stability: Short-term -""" - username: String! -""" -List of the settings that apply -Stability: Short-term -""" - settings: [QueryQuotaIntervalSetting!]! +"Data for testing an email action" +input TestEmailAction { + "Name of the view of the action." + viewName: String! + + "Name of the action." + name: String! + + "List of email addresses to send an email to." + recipients: [String!]! + + "Subject of the email. Can be templated with values from the result." + subjectTemplate: String + + "Body of the email. Can be templated with values from the result." + bodyTemplate: String + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! + + "Whether the result set should be attached as a CSV file." + attachCsv: Boolean = false + + """ + Name of the action.. + This is a mock value, the trigger does not have to exist. + """ + triggerName: String! + + """ + JSON data representing zero or more events. + One event can be supplied as a JSON object. + Multiple events must be supplied as a list of JSON objects. + """ + eventData: String! } -""" -Timestamp type to use for a query. -""" -enum QueryTimestampType { -""" -Use @timestamp for the query. -""" - EventTimestamp -""" -Use @ingesttimestamp for the query. -""" - IngestTimestamp +"Collection of errors, which occurred during test." +type TestFdrErrorResult { + """ + List of test errors. + Stability: Long-term + """ + errors: [error!]! @stability(level: LongTerm) } -""" -Result of query validation. -""" -type QueryValidationInfo { -""" -Stability: Short-term -""" - isValid: Boolean! -""" -Stability: Short-term -""" - diagnostics: [QueryDiagnosticInfoOutputType!]! +"Data for testing an FDR feed." +input TestFdrFeed { + "Name of the repository of the FDR feed." + repositoryName: String! + + "Id of an existing FDR feed. If no id is provided, the remaining input fields must be set." + feedId: String + + "AWS client id to use in FDR feed test. If not set, the 'clientId' of the existing FDR feed will be used." + clientId: String + + "AWS client secret to use in FDR feed test. If not set, the 'clientSecret' of the existing FDR feed will be used." + clientSecret: String + + "AWS SQS queue url to use in FDR feed test. If not set, the 'sqsUrl' of the existing FDR feed will be used." + sqsUrl: String + + "AWS S3 identifier to use in FDR feed test. If not set, the 's3Identifier' of the existing FDR feed will be used." + s3Identifier: String } -""" -Result of validating a query. -""" -type QueryValidationResult { -""" -Stability: Preview -""" - isValid: Boolean! -""" -Stability: Preview -""" - diagnostics: [QueryDiagnostic!]! +"An error, which occurred when making a request towards an AWS resource." +type TestFdrRequestError { + """ + Name of the AWS resource, which the request was made towards. + Stability: Long-term + """ + resourceName: String! @stability(level: LongTerm) + + """ + Message specifying the request error. + Stability: Long-term + """ + message: String! @stability(level: LongTerm) } -""" -Readonly default role -""" -enum ReadonlyDefaultRole { - Reader +"Result of testing an FDR feed." +union TestFdrResult = TestFdrErrorResult | TestFdrSuccessResult + +"Test was a success." +type TestFdrSuccessResult { + """ + This field is always 'true' + Stability: Long-term + """ + result: Boolean! @stability(level: LongTerm) } -type RealTimeDashboardUpdateFrequency { -""" -Stability: Long-term -""" - name: String! +"A validation error related to a particular input field." +type TestFdrValidationError { + """ + Name of the field, which the error relates to. + Stability: Long-term + """ + fieldName: String! @stability(level: LongTerm) + + """ + Message specifying the validation error. + Stability: Long-term + """ + message: String! @stability(level: LongTerm) } -""" -A map from reasons why a node might not be able to be unregistered safely, to the boolean value indicating whether a given reason applies to this node. For a node to be unregistered without any undue disruption, none of the reasons must apply. -""" -type ReasonsNodeCannotBeSafelyUnregistered { -""" -Stability: Long-term -""" - isAlive: Boolean! -""" -Stability: Long-term -""" - leadsDigest: Boolean! -""" -Stability: Long-term -""" - hasUnderReplicatedData: Boolean! -""" -Stability: Long-term -""" - hasDataThatExistsOnlyOnThisNode: Boolean! +"Data for testing a Humio repo action" +input TestHumioRepoAction { + "Name of the view of the action." + viewName: String! + + "Name of the action." + name: String! + + "Humio ingest token for the dataspace that the action should ingest into." + ingestToken: String! + + """ + Name of the action.. + This is a mock value, the trigger does not have to exist. + """ + triggerName: String! + + """ + JSON data representing zero or more events. + One event can be supplied as a JSON object. + Multiple events must be supplied as a list of JSON objects. + """ + eventData: String! } -type RecentQuery { -""" -Stability: Long-term -""" - languageVersion: LanguageVersion! -""" -Stability: Long-term -""" - query: HumioQuery! -""" -Stability: Long-term -""" - runAt: DateTime! -""" -Stability: Long-term -""" - widgetType: String -""" -Stability: Long-term -""" - widgetOptions: JSON +"Data for testing an already created ingest feed." +input TestIngestFeedById { + "Name of the repository of the ingest feed." + repositoryName: RepoOrViewName! + + "Id of the ingest feed." + id: String! } -""" -Information about regions -""" -type RegionSelectData { -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - url: String! -""" -Stability: Long-term -""" - iconUrl: String! +"Data for testing a Kafka event forwarder" +input TestKafkaEventForwarder { + "Name of the event forwarder" + name: String! + + "Description of the event forwarder" + description: String! + + "The Kafka producer configuration used to forward events in the form of properties (x.y.z=abc). See https://library.humio.com/humio-server/ingesting-data-event-forwarders.html#kafka-configuration." + properties: String! + + "The Kafka topic the events should be forwarded to" + topic: String! + + "Is the event forwarder enabled" + enabled: Boolean = true } -""" -Info about a version of a LogScale Package. -""" -type RegistryPackageVersionInfo { -""" -The package version -Stability: Long-term -""" - version: SemanticVersion! -""" -The minimum version of LogScale required to run the package. -Stability: Long-term -""" - minHumioVersion: SemanticVersion! +"Data for testing an OpsGenie action" +input TestOpsGenieAction { + "Name of the view of the action." + viewName: String! + + "Name of the action." + name: String! + + "OpsGenie webhook url to send the request to." + apiUrl: String! + + "Key to authenticate with OpsGenie." + genieKey: String! + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! + + """ + Name of the action.. + This is a mock value, the trigger does not have to exist. + """ + triggerName: String! + + """ + JSON data representing zero or more events. + One event can be supplied as a JSON object. + Multiple events must be supplied as a list of JSON objects. + """ + eventData: String! } -""" -The status of a remote cluster connection. -""" -type RemoteClusterConnectionStatus implements ClusterConnectionStatus{ -""" -Name of the remote view -Stability: Short-term -""" - remoteViewName: String -""" -Software version of the remote view -Stability: Short-term -""" - remoteServerVersion: String -""" -Oldest server version that is protocol compatible with the remote server -Stability: Short-term -""" - remoteServerCompatVersion: String -""" -Id of the connection -Stability: Short-term -""" - id: String -""" -Whether the connection is valid -Stability: Short-term -""" - isValid: Boolean! -""" -Errors if the connection is invalid -Stability: Short-term -""" - errorMessages: [ConnectionAspectErrorType!]! +"Data for testing a PagerDuty action." +input TestPagerDutyAction { + "Name of the view of the action." + viewName: String! + + "Name of the action." + name: String! + + "Severity level to give to the message." + severity: String! + + "Routing key to authenticate with PagerDuty." + routingKey: String! + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! + + """ + Name of the action.. + This is a mock value, the trigger does not have to exist. + """ + triggerName: String! + + """ + JSON data representing zero or more events. + One event can be supplied as a JSON object. + Multiple events must be supplied as a list of JSON objects. + """ + eventData: String! } -scalar RepoOrViewName +"Data for testing a post message Slack action." +input TestPostMessageSlackAction { + "Name of the view of the action." + viewName: String! + + "Name of the action." + name: String! -type RepositoriesUsageQueryResult { -""" -The total number of matching results -Stability: Long-term -""" - totalResults: Int! -""" -The paginated result set -Stability: Long-term -""" - results: [RepositoryUsageValue!]! + "Api token to authenticate with Slack." + apiToken: String! + + "List of Slack channels to message." + channels: [String!]! + + "Fields to include within the Slack message. Can be templated with values from the result." + fields: [SlackFieldEntryInput!]! + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! + + """ + Name of the action.. + This is a mock value, the trigger does not have to exist. + """ + triggerName: String! + + """ + JSON data representing zero or more events. + One event can be supplied as a JSON object. + Multiple events must be supplied as a list of JSON objects. + """ + eventData: String! } -""" -Query result for repositories usage data -""" -union RepositoriesUsageQueryResultTypes =QueryInProgress | RepositoriesUsageQueryResult +"The result of the test" +type TestResult { + """ + True if the test was a success, false otherwise + Stability: Long-term + """ + success: Boolean! @stability(level: LongTerm) -enum RepositoriesUsageQuerySortBy { - Name - UsageValue + """ + A message explaining the test result + Stability: Long-term + """ + message: String! @stability(level: LongTerm) } -""" -A repository stores ingested data, configures parsers and data retention policies. -""" -type Repository implements SearchDomain{ -""" -Repo Types are used for tracking trial status in LogScale Cloud setups. -Stability: Long-term -""" - type: RepositoryType! -""" -Repo data types are used for controlling the types of data are allowed in the repository. -Stability: Long-term -""" - dataType: RepositoryDataType! -""" -The limit attached to the repository. -Stability: Long-term -""" - limit: LimitV2 -""" -The date and time in the future after which ingest for this repository will be re-enabled. -Stability: Long-term -""" - ingestBlock: DateTime -""" -Usage tag, used to group usage summary on repositories -Stability: Long-term -""" - usageTag: String -""" -Data sources where data is ingested from. E.g. This can be specific log files or services sending data to LogScale. -Stability: Long-term -""" - datasources: [Datasource!]! -""" -Total size the data. Size is measured as the size stored before compression and is thus the size of the internal format, not the data that was ingested. -Stability: Long-term -""" - uncompressedByteSize: Long! -""" -Total size of data. Size is measured as the size after compression. -Stability: Long-term -""" - compressedByteSize: Long! -""" -Total size the data, merged parts. Size is measured as the size stored before compression and is thus the size of the internal format, not the data that was ingested. -Stability: Long-term -""" - uncompressedByteSizeOfMerged: Long! -""" -Total size of data, merged parts. Size is measured as the size after compression. -Stability: Long-term -""" - compressedByteSizeOfMerged: Long! -""" -The timestamp of the latest ingested data, or null if the repository is empty. -Stability: Long-term -""" - timeOfLatestIngest: DateTime -""" -The maximum time (in days) to keep data. Data old than this will be deleted. -Stability: Long-term -""" - timeBasedRetention: Float -""" -Retention (in Gigabytes) based on the size of data when it arrives to LogScale, that is before parsing and compression. LogScale will keep `at most` this amount of data. -Stability: Long-term -""" - ingestSizeBasedRetention: Float -""" -Stability: Long-term -""" - ingestTokens: [IngestToken!]! -""" -Retention (in Gigabytes) based on the size of data when in storage, that is, after parsing and compression. LogScale will keep `at least` this amount of data, but as close to this number as possible. -Stability: Long-term -""" - storageSizeBasedRetention: Float -""" -Sets time (in days) to keep backups before they are deleted. -Stability: Long-term -""" - timeBasedBackupRetention: Float -""" -The ingest listeners configured for this repository. -Stability: Long-term -""" - ingestListeners: [IngestListener!]! -""" -Maximum number of auto shards created. -Stability: Long-term -""" - maxAutoShardCount: Int -""" -Configuration for S3 archiving. E.g. bucket name and region. -Stability: Long-term -""" - s3ArchivingConfiguration: S3Configuration -""" -Configuration for GCS archiving. E.g. bucket name. -Stability: Preview -""" - gcsArchivingConfiguration: GCSArchivingConfiguration -""" -Configuration for archiving. E.g. bucket name and region. -Stability: Preview -""" - archivingConfiguration: ArchivingConfiguration -""" -Provider for archiving, i.e. S3 or GCS -Stability: Preview -""" - archivingProvider: String -""" -The cache policy set on this repo. -Stability: Preview -""" - cachePolicy: CachePolicy -""" -The cache policy of this repo that as will be applied. +"Data for testing an S3 action." +input TestS3Action { + "Name of the view of the action." + viewName: RepoOrViewName! -This will apply the cache policy of the repo, org-wide default, or global -default. This will be (in order of precedence): - 1. The repo cache policy, if set. - 2. The organization-wide cache policy, if set. - 3. The global cache policy, if set. - 4. The default cache policy in which no segments are prioritized. + "Name of the action." + name: String! -Stability: Preview -""" - effectiveCachePolicy: CachePolicy! -""" -Tag grouping rules applied on the repository currently. Rules only apply to the tags they denote, and tags without rules do not have any grouping. -Stability: Long-term -""" - currentTagGroupings: [TagGroupingRule!]! -""" -The AWS External ID used when assuming roles in AWS on behalf of this repository. -Stability: Long-term -""" - awsExternalId: String! -""" -The ARN of the AWS IAM identity that will write to S3 for S3 Archiving. -Stability: Short-term -""" - s3ArchivingArn: String -""" -The event forwarding rules configured for the repository -Stability: Long-term -""" - eventForwardingRules: [EventForwardingRule!]! -""" -List event forwarders in the organization with only basic information -Stability: Long-term -""" - eventForwardersForSelection: [EventForwarderForSelection!]! -""" -A saved FDR feed. -Stability: Long-term -""" - fdrFeed( -""" -The id of the FDR feed to get. -""" - id: String! - ): FdrFeed! -""" -Saved FDR Feeds -Stability: Long-term -""" - fdrFeeds: [FdrFeed!]! -""" -Administrator control for an FDR feed. -Stability: Long-term -""" - fdrFeedControl( -""" -The id of the FDR feed to get administrator control for. -""" - id: String! - ): FdrFeedControl! -""" -Administrator controls for FDR feeds -Stability: Long-term -""" - fdrFeedControls: [FdrFeedControl!]! -""" -A saved Ingest feed. -Stability: Long-term -""" - ingestFeed( -""" -The id of the IngestFeed to get. -""" - id: String! - ): IngestFeed! -""" -Saved ingest feeds -Stability: Long-term -""" - ingestFeeds( -""" -Filter results based on this string -""" - searchFilter: String -""" -Type of ingest feed to filter -""" - typeFilter: [IngestFeeds__Type!] -""" -Field which to sort the ingest feeds by -""" - sortBy: IngestFeeds__SortBy! -""" -Choose the order in which the results are returned. -""" - orderBy: OrderBy -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int - ): IngestFeedQueryResultSet! -""" -A parser on the repository. -Stability: Long-term -""" - parser( - id: String -""" -[DEPRECATED: Please use `id` instead. Will be removed in version 1.178] -""" - name: String - ): Parser -""" -Saved parsers. -Stability: Long-term -""" - parsers: [Parser!]! -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - name: RepoOrViewName! -""" -Stability: Long-term -""" - description: String -""" -The point in time the search domain was marked for deletion. -Stability: Long-term -""" - deletedDate: Long -""" -The point in time the search domain will not be restorable anymore. -Stability: Long-term -""" - permanentlyDeletedAt: Long -""" -Stability: Long-term -""" - isStarred: Boolean! -""" -Search limit in milliseconds, which searches should are limited to. -Stability: Long-term -""" - searchLimitedMs: Long -""" -Repositories not part of the search limitation. -Stability: Long-term -""" - reposExcludedInSearchLimit: [String!]! -""" -Returns a specific version of a package given a package version. -Stability: Long-term -""" - packageV2( -""" -The package id of the package to get. -""" - packageId: VersionedPackageSpecifier! - ): Package2! -""" -The available versions of a package. -Stability: Long-term -""" - packageVersions( - packageId: UnversionedPackageSpecifier! - ): [RegistryPackageVersionInfo!]! -""" -Returns a list of available packages that can be installed. -Stability: Long-term -""" - availablePackages( -""" -Filter input to limit the returned packages -""" - filter: String -""" -Packages with any of these tags will be included. No filtering on tags. -""" - tags: [PackageTag!] -""" -Packages with any of these categories will be included. -""" - categories: [String!] - ): [PackageRegistrySearchResultItem!]! -""" -List packages installed on a specific view or repo. -Stability: Long-term -""" - installedPackages: [PackageInstallation!]! -""" -Stability: Long-term -""" - hasPackageInstalled( - packageId: VersionedPackageSpecifier! - ): Boolean! -""" -Users who have access. -Stability: Long-term -""" - users: [User!]! -""" -Users or groups who has access. -Stability: Long-term -""" - usersAndGroups( - search: String -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int - ): UsersAndGroupsSearchResultSet! -""" -Search users with a given permission -Stability: Preview -""" - usersV2( -""" -Search for a user whose email or name matches this search string -""" - search: String -""" -Permission that the users must have on the search domain. Leave out to get users with any permission on the view -""" - permissionFilter: Permission -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int - ): Users! -""" -Groups with assigned roles. -Stability: Long-term -""" - groups: [Group!]! -""" -Stability: Long-term -""" - starredFields: [String!]! -""" -Stability: Long-term -""" - recentQueriesV2: [RecentQuery!]! -""" -Stability: Long-term -""" - automaticSearch: Boolean! -""" -Check if the current user is allowed to perform the given action on the view. -Stability: Long-term -""" - isActionAllowed( -""" -The action to check if a user is allowed to perform on a view. -""" - action: ViewAction! - ): Boolean! -""" -Returns the all actions the user is allowed to perform on the view. -Stability: Long-term -""" - allowedViewActions: [ViewAction!]! -""" -The query prefix prepended to each search in this domain. -Stability: Long-term -""" - viewerQueryPrefix: String! -""" -All tags from all datasources. -Stability: Long-term -""" - tags: [String!]! -""" -The resource identifier for this search domain. -Stability: Short-term -""" - resource: String! -""" -All interactions defined on the view. -Stability: Long-term -""" - interactions: [ViewInteraction!]! -""" -A saved alert -Stability: Long-term -""" - alert( - id: String! - ): Alert! -""" -Saved alerts. -Stability: Long-term -""" - alerts: [Alert!]! -""" -A saved dashboard. -Stability: Long-term -""" - dashboard( - id: String! - ): Dashboard! -""" -All dashboards available on the view. -Stability: Long-term -""" - dashboards: [Dashboard!]! -""" -A saved filter alert -Stability: Long-term -""" - filterAlert( - id: String! - ): FilterAlert! -""" -Saved filter alerts. -Stability: Long-term -""" - filterAlerts: [FilterAlert!]! -""" -A saved aggregate alert -Stability: Long-term -""" - aggregateAlert( - id: String! - ): AggregateAlert! -""" -Saved aggregate alerts. -Stability: Long-term -""" - aggregateAlerts: [AggregateAlert!]! -""" -A saved scheduled search. -Stability: Long-term -""" - scheduledSearch( -""" -The id of the scheduled search to get. -""" - id: String! - ): ScheduledSearch! -""" -Saved scheduled searches. -Stability: Long-term -""" - scheduledSearches: [ScheduledSearch!]! -""" -A saved action. -Stability: Long-term -""" - action( -""" -The id of the action to get. -""" - id: String! - ): Action! -""" -A list of saved actions. -Stability: Long-term -""" - actions( -""" -The result will only include actions with the specified ids. Omit to find all actions. -""" - actionIds: [String!] - ): [Action!]! -""" -A saved query. -Stability: Long-term -""" - savedQuery( - id: String! - ): SavedQuery! -""" -Saved queries. -Stability: Long-term -""" - savedQueries: [SavedQuery!]! -""" -Stability: Long-term -""" - defaultQuery: SavedQuery -""" -Stability: Long-term -""" - files: [File!]! -""" -Stability: Long-term -""" - fileFieldSearch( -""" -Name of the csv or json file to retrieve the field entries from. -""" - fileName: String! -""" -Name of the field in the file to return entries from. -""" - fieldName: String! -""" -Text to filter values by prefix on. -""" - prefixFilter: String -""" -The exact values that given fields should have for an entry to be part of the result. -""" - valueFilters: [FileFieldFilterType!]! -""" -Names of the fields to include in the result. -""" - fieldsToInclude: [String!]! -""" -Maximum number of values to retrieve from the file. -""" - maxEntries: Int! - ): [[DictionaryEntryType!]!]! -""" -Saved scheduled reports. -Stability: Long-term -""" - scheduledReports: [ScheduledReport!]! -""" -Saved scheduled report. -Stability: Long-term -""" - scheduledReport( -""" -The id of the scheduled report to get. -""" - id: String! - ): ScheduledReport + "ARN of the role to be assumed." + roleArn: String! + + "AWS region. For options see: https://docs.aws.amazon.com/general/latest/gr/s3.html" + awsRegion: String! + + "Name of the bucket." + bucketName: String! + + "Name of the file(s). You can use most message templates for this. See documentation for S3 action: https://library.humio.com/data-analysis/automated-actions-s3.html" + fileName: String! + + "Output format type for the result. Can be either NDJSON or CSV." + outputFormat: S3ActionEventOutputFormat! + + "Whether to output metadata for the result. Metadata will be output as a separate JSON file." + outputMetadata: Boolean! + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean = true + + """ + Name of the action.. + This is a mock value, the trigger does not have to exist. + """ + triggerName: String! + + """ + JSON data representing zero or more events. + One event can be supplied as a JSON object. + Multiple events must be supplied as a list of JSON objects. + """ + eventData: String! +} + +"Data for testing a Slack action." +input TestSlackAction { + "Name of the view of the action." + viewName: String! + + "Name of the action." + name: String! + + "Slack webhook url to send the request to." + url: String! + + "Fields to include within the Slack message. Can be templated with values from the result." + fields: [SlackFieldEntryInput!]! + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! + + """ + Name of the action.. + This is a mock value, the trigger does not have to exist. + """ + triggerName: String! + + """ + JSON data representing zero or more events. + One event can be supplied as a JSON object. + Multiple events must be supplied as a list of JSON objects. + """ + eventData: String! } -""" -The data type of a repository. Indicates which type of data the repository is restricted to - e.g. 'Falcon' for repository intended for Falcon data -""" -enum RepositoryDataType { - FALCON - ANYDATA +"Data for testing an upload file action." +input TestUploadFileAction { + "Name of the view of the action." + viewName: String! + + "Name of the action." + name: String! + + "File name for the uploaded file." + fileName: String! + + """ + Name of the action.. + This is a mock value, the trigger does not have to exist. + """ + triggerName: String! + + """ + JSON data representing zero or more events. + One event can be supplied as a JSON object. + Multiple events must be supplied as a list of JSON objects. + """ + eventData: String! + + "The mode for the file update." + updateMode: UpdateMode = Overwrite + + "Key columns to use to update the file. This only allowed when `updateMode` is set to `update`, in which case it is mandatory. If new rows match existing rows in these columns, the existing row will be updated. If not, new rows will be appended." + keyColumns: [String!] + + "Whether to match key columns case insensitively or not. Should only be set when `updateMode` is `Update`, in which case it is mandatory." + keyColumnsIgnoreCase: Boolean } -""" -The repository type of a repository -""" -enum RepositoryType { - PERSONAL - TRIAL - DEFAULT - SYSTEM - MANAGED +"Data for testing a VictorOps action." +input TestVictorOpsAction { + "Name of the view of the action." + viewName: String! + + "Name of the action." + name: String! + + "Type of the VictorOps message to make." + messageType: String! + + "VictorOps webhook url to send the request to." + notifyUrl: String! + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! + + """ + Name of the action.. + This is a mock value, the trigger does not have to exist. + """ + triggerName: String! + + """ + JSON data representing zero or more events. + One event can be supplied as a JSON object. + Multiple events must be supplied as a list of JSON objects. + """ + eventData: String! } -type RepositoryUsageValue { -""" -Stability: Long-term -""" - name: String -""" -Stability: Long-term -""" - valueBytes: Long! -""" -Stability: Long-term -""" - percentage: Float! -""" -Stability: Long-term -""" - id: String! +"Data for testing a webhook action." +input TestWebhookAction { + "Name of the view of the action." + viewName: String! + + "Name of the action." + name: String! + + "Url to send the http(s) request to." + url: String! + + "Method to use for the request." + method: String! + + "Headers of the http(s) request." + headers: [HttpHeaderEntryInput!]! + + "Body of the http(s) request. Can be templated with values from the result." + bodyTemplate: String! + + "Flag indicating whether SSL should be ignored for the request." + ignoreSSL: Boolean! + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! + + """ + Name of the action.. + This is a mock value, the trigger does not have to exist. + """ + triggerName: String! + + """ + JSON data representing zero or more events. + One event can be supplied as a JSON object. + Multiple events must be supplied as a list of JSON objects. + """ + eventData: String! } -type Role { -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - displayName: String! - color: String -""" -Stability: Long-term -""" - description: String -""" -Stability: Long-term -""" - viewPermissions: [Permission!]! -""" -Stability: Long-term -""" - systemPermissions: [SystemPermission!]! -""" -Stability: Long-term -""" - organizationPermissions: [OrganizationPermission!]! -""" -Stability: Long-term -""" - organizationManagementPermissions: [OrganizationManagementPermission!]! -""" -Stability: Long-term -""" - groupsCount: Int! -""" -Stability: Long-term -""" - usersCount: Int! -""" -Stability: Long-term -""" - users: [User!]! -""" -Stability: Long-term -""" - groupsV2( - search: String - userId: String - searchInRoles: Boolean - onlyIncludeGroupsWithRestrictiveQueryPrefix: Boolean -""" -The amount of results to return. -""" - limit: Int -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int - ): GroupResultSetType! -""" -Stability: Long-term -""" - groups: [Group!]! -""" -Stability: Preview -""" - readonlyDefaultRole: ReadonlyDefaultRole +"Color that changes based on theme." +type ThemedColor { + """ + A hex color for light theme. + Stability: Long-term + """ + light: String! @stability(level: LongTerm) + + """ + A hex color for dark theme. + Stability: Long-term + """ + dark: String! @stability(level: LongTerm) } -""" -A page of roles. -""" -type RolePage { -""" -Stability: Long-term -""" - pageInfo: PageType! -""" -Stability: Long-term -""" - page: [Role!]! +"Color that changes based on theme." +input ThemedColorInput { + "A hex color for light theme." + light: String! + + "A hex color for dark theme." + dark: String! } -""" -The roles query result set. -""" -type RolesResultSetType { -""" -The total number of matching results -Stability: Long-term -""" - totalResults: Int! -""" -The paginated result set -Stability: Long-term -""" - results: [Role!]! +"A time interval that represents either a fixed or relative time range." +type TimeInterval { + "Stability: Long-term" + start: String! @stability(level: LongTerm) + + "Stability: Long-term" + end: String! @stability(level: LongTerm) } -""" -Queries that are currently being executed -""" -type RunningQueries { -""" -Number of milliseconds until next update is available -Stability: Long-term -""" - updateAvailableIn: Long! -""" -Total number of queries being executed -Stability: Long-term -""" - totalNumberOfQueries: Int! -""" -Total number of live queries being executed -Stability: Long-term -""" - totalNumberOfLiveQueries: Int! -""" -Total number of clients querying -Stability: Long-term -""" - totalNumberOfClients: Int! -""" -Total size of skipped bytes for all queries being executed -Stability: Long-term -""" - totalSkippedBytes: Long! -""" -Total size of included bytes for all queries being executed -Stability: Long-term -""" - totalIncludedBytes: Long! -""" -Total size of remaining bytes to be processed for all queries being executed -Stability: Long-term -""" - totalQueuedBytes: Long! -""" -Queries being executed, at most 1000 queries are returned. -Stability: Long-term -""" - queries: [RunningQuery!]! +input TimeIntervalInput { + start: String! + end: String! } -""" -A query that is currently being executed. -""" -type RunningQuery { -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - clients: [Client!]! -""" -Stability: Long-term -""" - initiatedBy: String -""" -Stability: Long-term -""" - isLive: Boolean! -""" -Stability: Long-term -""" - isHistoricDone: Boolean! -""" -Stability: Long-term -""" - queryInput: String! -""" -Stability: Long-term -""" - queryPrefix: String! -""" -Stability: Long-term -""" - coordinatorId: String! -""" -Stability: Long-term -""" - totalWork: Int! -""" -Stability: Long-term -""" - workDone: Int! -""" -Stability: Long-term -""" - view: String! -""" -The organization owning the query, if any. -Stability: Long-term -""" - organization: Organization -""" -Stability: Long-term -""" - timeInMillis: Long! -""" -Stability: Long-term -""" - timeQueuedInMillis: Long! -""" -Stability: Long-term -""" - isDashboard: Boolean! -""" -Stability: Long-term -""" - estimatedTotalBytes: Long! -""" -Stability: Long-term -""" - skippedBytes: Long! -""" -Stability: Long-term -""" - includedBytes: Long! -""" -Stability: Long-term -""" - processedEvents: Long! -""" -Static CPU time spent since query started -Stability: Long-term -""" - mapMillis: Float! -""" -Static CPU time spent the last 30 seconds -Stability: Long-term -""" - deltaMapMillis: Float! -""" -Live CPU time spent since query started -Stability: Long-term -""" - liveMillis: Float! -""" -Live CPU time spent the last 30 seconds -Stability: Long-term -""" - deltaLiveMillis: Float! -""" -Stability: Long-term -""" - mapAllocations: Long! -""" -Stability: Long-term -""" - liveAllocations: Long! -""" -Stability: Long-term -""" - reduceAllocations: Long! -""" -Stability: Long-term -""" - totalAllocations: Long! -""" -Stability: Long-term -""" - deltaTotalAllocations: Long! -""" -Stability: Long-term -""" - timeInterval: String! -""" -Stability: Long-term -""" - timeZoneOffSetMinutes: Int! -""" -Stability: Long-term -""" - queryArgs: String! -""" -Stability: Long-term -""" - status: String! -""" -Total cost calculation. -Stability: Long-term -""" - totalCost: Float! -""" -Live cost calculation -Stability: Long-term -""" - liveCost: Float! -""" -Static cost calculation -Stability: Long-term -""" - staticCost: Float! -""" -Total cost calculation last 30 seconds. -Stability: Long-term -""" - deltaTotalCost: Float! -""" -Live cost calculation last 30 seconds. -Stability: Long-term -""" - deltaLiveCost: Float! -""" -Static cost calculation last 30 seconds. -Stability: Long-term -""" - deltaStaticCost: Float! +"A token." +interface Token { + """ + The id of the token. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + The name of the token. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + The time at which the token expires. + Stability: Long-term + """ + expireAt: Long @stability(level: LongTerm) + + """ + The ip filter on the token. + Stability: Long-term + """ + ipFilter: String @stability(level: LongTerm) + + """ + The ip filter on the token. + Stability: Long-term + """ + ipFilterV2: IPFilter @stability(level: LongTerm) + + """ + The date the token was created. + Stability: Long-term + """ + createdAt: Long! @stability(level: LongTerm) +} + +"Committed using a token." +type TokenCommitAuthor implements AssetCommitAuthor { + """ + Id of the token used for the commit. + Stability: Long-term + """ + tokenId: String! @stability(level: LongTerm) + + """ + A common string representation of an author + Stability: Long-term + """ + displayString: String! @stability(level: LongTerm) +} + +input TokenInput { + token: String! +} + +"The token query result set" +type TokenQueryResultSet { + """ + The total number of matching results + Stability: Long-term + """ + totalResults: Int! @stability(level: LongTerm) + + """ + The paginated result set + Stability: Long-term + """ + results: [Token!]! @stability(level: LongTerm) +} + +"Security policies for tokens in the organization" +type TokenSecurityPolicies { + """ + Whether personal user tokens are enabled + Stability: Short-term + """ + personalUserTokensEnabled: Boolean! @stability(level: ShortTerm) + + """ + Maximum time in ms a personal user token can be used before expiring (TTL) + Stability: Short-term + """ + personalUserTokensEnforceExpirationAfterMs: Long @stability(level: ShortTerm) + + """ + The IP filter that is enforced on all personal user tokens + Stability: Short-term + """ + personalUserTokensEnforceIpFilter: IPFilter @stability(level: ShortTerm) + + """ + Whether view permission tokens are enabled + Stability: Short-term + """ + viewPermissionTokensEnabled: Boolean! @stability(level: ShortTerm) + + """ + Maximum time in ms a view permission token can be used before expiring (TTL) + Stability: Short-term + """ + viewPermissionTokensEnforceExpirationAfterMs: Long @stability(level: ShortTerm) + + """ + The IP filter that is enforced on all view permission tokens + Stability: Short-term + """ + viewPermissionTokensEnforceIpFilter: IPFilter @stability(level: ShortTerm) + + """ + Whether it is allowed to change permissions on existing view permission tokens + Stability: Short-term + """ + viewPermissionTokensAllowPermissionUpdates: Boolean @stability(level: ShortTerm) + + """ + Whether organization permission tokens are enabled + Stability: Short-term + """ + organizationPermissionTokensEnabled: Boolean! @stability(level: ShortTerm) + + """ + Maximum time in ms a organization permission token can be used before expiring (TTL) + Stability: Short-term + """ + organizationPermissionTokensEnforceExpirationAfterMs: Long @stability(level: ShortTerm) + + """ + The IP filter that is enforced on all organization permission tokens + Stability: Short-term + """ + organizationPermissionTokensEnforceIpFilter: IPFilter @stability(level: ShortTerm) + + """ + Whether it is allowed to change permissions on existing organization permission tokens + Stability: Short-term + """ + organizationPermissionTokensAllowPermissionUpdates: Boolean @stability(level: ShortTerm) + + """ + Whether system permission tokens are enabled + Stability: Short-term + """ + systemPermissionTokensEnabled: Boolean! @stability(level: ShortTerm) + + """ + Maximum time in ms a system permission token can be used before expiring (TTL) + Stability: Short-term + """ + systemPermissionTokensEnforceExpirationAfterMs: Long @stability(level: ShortTerm) + + """ + The IP filter that is enforced on all system permission tokens + Stability: Short-term + """ + systemPermissionTokensEnforceIpFilter: IPFilter @stability(level: ShortTerm) + + """ + Whether it is allowed to change permissions on existing system permission tokens + Stability: Short-term + """ + systemPermissionTokensAllowPermissionUpdates: Boolean @stability(level: ShortTerm) +} + +"Data for updating token security policies" +input TokenSecurityPoliciesInput { + "Whether personal user tokens should be enabled" + personalUserTokensEnabled: Boolean! + + "Maximum time in ms a personal user token can be used before expiring (TTL)" + personalUserTokensEnforceExpirationAfterMs: Long + + "The IP filter that will be enforced on all personal user tokens" + personalUserTokensEnforceIpFilterId: String + + "Whether view permission tokens should be enabled" + viewPermissionTokensEnabled: Boolean! + + "Maximum time in ms a view permission token can be used before expiring (TTL)" + viewPermissionTokensEnforceExpirationAfterMs: Long + + "The IP filter that will be enforced on all view permission tokens" + viewPermissionTokensEnforceIpFilterId: String + + "Whether it should be allowed to change permissions on existing view permission tokens" + viewPermissionTokensAllowPermissionUpdates: Boolean! + + "Whether organization permission tokens should be enabled" + organizationPermissionTokensEnabled: Boolean! + + "Maximum time in ms an organization permission token can be used before expiring (TTL)" + organizationPermissionTokensEnforceExpirationAfterMs: Long + + "The IP filter that will be enforced on all organization permission tokens" + organizationPermissionTokensEnforceIpFilterId: String + + "Whether it should be allowed to change permissions on existing organization permission tokens" + organizationPermissionTokensAllowPermissionUpdates: Boolean! + + "Whether system permission tokens should be enabled" + systemPermissionTokensEnabled: Boolean + + "Maximum time in ms a system permission token can be used before expiring (TTL)" + systemPermissionTokensEnforceExpirationAfterMs: Long + + "The IP filter that will be enforced on all system permission tokens" + systemPermissionTokensEnforceIpFilterId: String + + "Whether it should be allowed to change permissions on existing system permission tokens" + systemPermissionTokensAllowPermissionUpdates: Boolean +} + +enum Tokens__SortBy { + ExpirationDate + Name +} + +enum Tokens__Type { + OrganizationManagementPermissionToken + OrganizationPermissionToken + SystemPermissionToken + ViewPermissionToken +} + +"Represents information about an on-going trial of LogScale." +type TrialLicense implements License { + """ + The time at which the trial ends. + Stability: Long-term + """ + expiresAt: DateTime! @stability(level: LongTerm) + + """ + The time at which the trial started. + Stability: Long-term + """ + issuedAt: DateTime! @stability(level: LongTerm) +} + +"Trigger mode for an aggregate alert." +enum TriggerMode { + "Wait for up to 20 minutes for a complete result before triggering." + CompleteMode + + "Trigger immediately, even on incomplete results. If nothing to trigger on, wait for up to 20 minutes for there to be a result to trigger on." + ImmediateMode +} + +"Data for trigger polling an ingest feed" +input TriggerPollIngestFeed { + "Name of the repository of the ingest feed." + repositoryName: RepoOrViewName! + + "Id of the ingest feed." + id: String! +} + +scalar URL + +enum UiTheme { + Auto + Dark + Light +} + +type UnassignIngestTokenMutation { + "Stability: Long-term" + repository: Repository! @stability(level: LongTerm) +} + +type UnassignOrganizationManagementRoleFromGroup { + "Stability: Preview" + group: Group! @stability(level: Preview) +} + +input UnassignOrganizationManagementRoleFromGroupInput { + groupId: String! + roleId: String! + organizationIds: [String!]! +} + +type UnassignOrganizationRoleFromGroup { + "Stability: Long-term" + group: Group! @stability(level: LongTerm) +} + +type UnassignRoleFromGroup { + "Stability: Long-term" + group: Group! @stability(level: LongTerm) } -""" -The format to store archived segments in AWS S3. -""" -enum S3ArchivingFormat { - RAW - NDJSON +type UnassignSystemRoleFromGroup { + "Stability: Long-term" + group: Group! @stability(level: LongTerm) } -""" -Configuration for S3 archiving. E.g. bucket name and region. -""" -type S3Configuration implements ArchivingConfiguration{ -""" -S3 bucket name for storing archived data. Example: acme-bucket. -Stability: Short-term -""" - bucket: String! -""" -The region the S3 bucket belongs to. Example: eu-central-1. -Stability: Short-term -""" - region: String! -""" -Do not archive logs older than this. -Stability: Short-term -""" - startFrom: DateTime -""" -Whether the archiving has been disabled. -Stability: Short-term -""" - disabled: Boolean -""" -The format to store the archived data in on S3. -Stability: Short-term -""" - format: S3ArchivingFormat -""" -Array of names of tag fields to use in that order in the output file names. -Stability: Short-term -""" - tagOrderInName: [String!]! -""" -The ARN of the AWS Role that is assumed when writing to S3. -Stability: Short-term -""" - roleArn: String +type UnblockIngestMutation { + "Stability: Long-term" + repository: Repository! @stability(level: LongTerm) } -""" -A SAML Identity Provider -""" -type SamlIdentityProvider implements IdentityProviderAuthentication{ -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - domains: [String!]! -""" -Stability: Long-term -""" - groupMembershipAttribute: String -""" -Stability: Long-term -""" - idpCertificateInBase64: String! -""" -Stability: Long-term -""" - idpEntityId: String! -""" -Stability: Long-term -""" - signOnUrl: String! -""" -Stability: Long-term -""" - authenticationMethod: AuthenticationMethodAuth! -""" -Stability: Long-term -""" - userAttribute: String -""" -Stability: Long-term -""" - adminAttribute: String -""" -Stability: Long-term -""" - adminAttributeMatch: String -""" -Stability: Long-term -""" - alternativeIdpCertificateInBase64: String -""" -Stability: Long-term -""" - defaultIdp: Boolean! -""" -Stability: Long-term -""" - humioManaged: Boolean! -""" -Stability: Long-term -""" - lazyCreateUsers: Boolean! -""" -Stability: Long-term -""" - debug: Boolean! +"A widget that represents an unknown widget type." +type UnknownWidget implements Widget { + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + title: String! @stability(level: LongTerm) + + "Stability: Long-term" + description: String @stability(level: LongTerm) + + "Stability: Long-term" + x: Int! @stability(level: LongTerm) + + "Stability: Long-term" + y: Int! @stability(level: LongTerm) + + "Stability: Long-term" + width: Int! @stability(level: LongTerm) + + "Stability: Long-term" + height: Int! @stability(level: LongTerm) } -type SamlMetadata { -""" -Stability: Long-term -""" - entityID: String! -""" -Stability: Long-term -""" - signOnUrl: String! -""" -Stability: Long-term -""" - certificate: String! +type Unlimited implements contractual { + "\nStability: Long-term" + includeUsage: Boolean! @stability(level: LongTerm) } -""" -A query saved for later use. -""" -type SavedQuery { -""" -A YAML formatted string that describes the saved query. -""" - templateYaml: String! -""" -A YAML formatted string that describes the saved query. -Stability: Long-term -""" - yamlTemplate: YAML! -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - displayName: String! -""" -Stability: Long-term -""" - description: String - assetType: AssetType! -""" -Stability: Long-term -""" - query: HumioQuery! -""" -Stability: Long-term -""" - isStarred: Boolean! -""" -Stability: Long-term -""" - widgetType: String! -""" -Stability: Long-term -""" - options: JSON! -""" -Stability: Long-term -""" - packageId: VersionedPackageSpecifier -""" -Stability: Long-term -""" - package: PackageInstallation -""" -Stability: Long-term -""" - interactions: [QueryBasedWidgetInteraction!]! -""" -Allowed asset actions -Stability: Preview -""" - allowedActions: [AssetAction!]! -""" -The resource identifier for this saved query. -Stability: Short-term -""" - resource: String! +type UnlimitedUsage { + "Stability: Long-term" + unlimited: Boolean! @stability(level: LongTerm) } -type SavedQueryTemplate { -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - displayName: String! -""" -Stability: Long-term -""" - yamlTemplate: String! +type UnregisterNodeMutation { + "Stability: Long-term" + cluster: Cluster! @stability(level: LongTerm) } -type ScannedData { -""" -Stability: Long-term -""" - currentBytes: Long! -""" -Stability: Long-term -""" - limit: UsageLimit! +"An unsaved aggregate alert." +type UnsavedAggregateAlert { + """ + Name of the aggregate alert. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + Description of the aggregate alert. + Stability: Long-term + """ + description: String @stability(level: LongTerm) + + """ + LogScale query to execute. + Stability: Long-term + """ + queryString: String! @stability(level: LongTerm) + + """ + List of actions to fire on query result. + Stability: Long-term + """ + actions: [Action!]! @stability(level: LongTerm) + + """ + Labels attached to the aggregate alert. + Stability: Long-term + """ + labels: [String!]! @stability(level: LongTerm) + + """ + Flag indicating whether the aggregate alert is enabled. + Stability: Long-term + """ + enabled: Boolean! @stability(level: LongTerm) + + """ + Throttle time in seconds. + Stability: Long-term + """ + throttleTimeSeconds: Long! @stability(level: LongTerm) + + """ + A field to throttle on. Can only be set if throttleTimeSeconds is set. + Stability: Long-term + """ + throttleField: String @stability(level: LongTerm) + + """ + Timestamp type to use for a query. + Stability: Long-term + """ + queryTimestampType: QueryTimestampType! @stability(level: LongTerm) + + """ + Trigger mode used for triggering the alert. + Stability: Long-term + """ + triggerMode: TriggerMode! @stability(level: LongTerm) + + """ + Search interval in seconds. + Stability: Long-term + """ + searchIntervalSeconds: Long! @stability(level: LongTerm) +} + +"An unsaved alert." +type UnsavedAlert { + """ + Name of the alert. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + Description of the alert. + Stability: Long-term + """ + description: String @stability(level: LongTerm) + + """ + LogScale query to execute. + Stability: Long-term + """ + queryString: String! @stability(level: LongTerm) + + """ + Start of the relative time interval for the query. + Stability: Long-term + """ + queryStart: String! @stability(level: LongTerm) + + """ + Throttle time in milliseconds. + Stability: Long-term + """ + throttleTimeMillis: Long! @stability(level: LongTerm) + + """ + Field to throttle on. + Stability: Long-term + """ + throttleField: String @stability(level: LongTerm) + + """ + List of ids for actions to fire on query result. + Stability: Long-term + """ + actions: [Action!]! @stability(level: LongTerm) + + """ + Labels attached to the alert. + Stability: Long-term + """ + labels: [String!]! @stability(level: LongTerm) + + """ + Flag indicating whether the alert is enabled. + Stability: Long-term + """ + enabled: Boolean! @stability(level: LongTerm) +} + +"An unsaved filter alert." +type UnsavedFilterAlert { + """ + Name of the filter alert. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + Description of the filter alert. + Stability: Long-term + """ + description: String @stability(level: LongTerm) + + """ + LogScale query to execute. + Stability: Long-term + """ + queryString: String! @stability(level: LongTerm) + + """ + List of ids for actions to fire on query result. + Stability: Long-term + """ + actions: [Action!]! @stability(level: LongTerm) + + """ + Labels attached to the filter alert. + Stability: Long-term + """ + labels: [String!]! @stability(level: LongTerm) + + """ + Flag indicating whether the filter alert is enabled. + Stability: Long-term + """ + enabled: Boolean! @stability(level: LongTerm) + + """ + Throttle time in seconds. + Stability: Long-term + """ + throttleTimeSeconds: Long @stability(level: LongTerm) + + """ + A field to throttle on. Can only be set if throttleTimeSeconds is set. + Stability: Long-term + """ + throttleField: String @stability(level: LongTerm) +} + +"The contents of a parser YAML template in structured form. The parser needs to be persisted before it can be deployed." +type UnsavedParser { + """ + Name of the parser. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + The description of the parser. + Stability: Long-term + """ + description: String @stability(level: LongTerm) + + """ + The parser script that is executed for every incoming event. + Stability: Long-term + """ + script: String! @stability(level: LongTerm) + + """ + Fields that are used as tags. + Stability: Long-term + """ + fieldsToTag: [String!]! @stability(level: LongTerm) + + """ + A list of fields that will be removed from the event before it's parsed. These fields will not be included when calculating usage. + Stability: Long-term + """ + fieldsToBeRemovedBeforeParsing: [String!]! @stability(level: LongTerm) + + """ + Test cases that can be used to help verify that the parser works as expected. + Stability: Long-term + """ + testCases: [ParserTestCase!]! @stability(level: LongTerm) +} + +"An unsaved scheduled search." +type UnsavedScheduledSearch { + """ + Name of the scheduled search. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + Description of the scheduled search. + Stability: Long-term + """ + description: String @stability(level: LongTerm) + + """ + LogScale query to execute. + Stability: Long-term + """ + queryString: String! @stability(level: LongTerm) + + "Start of the relative time interval for the query." + start: String! @deprecated(reason: "[DEPRECATED: Use 'searchIntervalSeconds' instead. Will be removed at the earliest in version 1.231]") + + "End of the relative time interval for the query." + end: String! @deprecated(reason: "[DEPRECATED: Use 'searchIntervalOffsetSeconds' instead. Will be removed at the earliest in version 1.231]") + + """ + Cron pattern describing the schedule to execute the query on. + Stability: Long-term + """ + schedule: String! @stability(level: LongTerm) + + """ + Time zone of the schedule. Currently this field only supports UTC offsets like 'UTC', 'UTC-01' or 'UTC+12:45'. + Stability: Long-term + """ + timeZone: String! @stability(level: LongTerm) + + "User-defined limit, which caps the number of missed searches to backfill, e.g. in the event of a shutdown. If the 'queryTimestampType' is IngestTimestamp this field is not used, but due to backwards compatibility a value of 0 is returned." + backfillLimit: Int! @deprecated(reason: "[DEPRECATED: Use 'backfillLimitV2' instead. Will be removed at the earliest in version 1.231]") + + """ + User-defined limit, which caps the number of missed searches to backfill, e.g. in the event of a shutdown. Only present when 'queryTimestampType' is EventTimestamp. + Stability: Long-term + """ + backfillLimitV2: Int @stability(level: LongTerm) + + """ + Search interval in seconds. + Stability: Long-term + """ + searchIntervalSeconds: Long! @stability(level: LongTerm) + + """ + Offset of the search interval in seconds. Only present when 'queryTimestampType' is EventTimestamp. + Stability: Long-term + """ + searchIntervalOffsetSeconds: Long @stability(level: LongTerm) + + """ + Maximum number of seconds to wait for ingest delay. Only present when 'queryTimestampType' is IngestTimestamp. + Stability: Long-term + """ + maxWaitTimeSeconds: Long @stability(level: LongTerm) + + """ + Timestamp type to use for the query. + Stability: Long-term + """ + queryTimestampType: QueryTimestampType! @stability(level: LongTerm) + + """ + List of Ids for actions to fire on query result. + Stability: Long-term + """ + actions: [Action!]! @stability(level: LongTerm) + + """ + Labels attached to the scheduled search. + Stability: Long-term + """ + labels: [String!]! @stability(level: LongTerm) + + """ + Flag indicating whether the scheduled search is enabled. + Stability: Long-term + """ + enabled: Boolean! @stability(level: LongTerm) + + """ + Flag indicating whether the scheduled search should trigger when it finds en empty result (no events). + Stability: Long-term + """ + triggerOnEmptyResult: Boolean! @stability(level: LongTerm) } -""" -A scheduled report schedule properties -""" -type Schedule { -""" -Cron pattern describing the schedule to execute the report on. -Stability: Long-term -""" - cronExpression: String! -""" -Timezone of the schedule. Examples include UTC, Europe/Copenhagen. -Stability: Long-term -""" - timeZone: String! -""" -Start date of the active period of the schedule. -Stability: Long-term -""" - startDate: Long! -""" -Optional end date of the active period of the schedule. -Stability: Long-term -""" - endDate: Long +input UnsetDynamicConfigInputObject { + config: DynamicConfig! } -""" -Information about a scheduled report -""" -type ScheduledReport { -""" -Id of the scheduled report. -Stability: Long-term -""" - id: String! -""" -Name of the scheduled report. -Stability: Long-term -""" - name: String! -""" -Flag indicating whether a password is defined for the report. -Stability: Long-term -""" - isPasswordDefined: Boolean! -""" -Flag indicating whether the scheduled report is enabled. -Stability: Long-term -""" - enabled: Boolean! -""" -Status of the latest report execution. -Stability: Long-term -""" - status: String! -""" -Description of the scheduled report. -Stability: Long-term -""" - description: String! -""" -The id of the dashboard the report was created for. -Stability: Long-term -""" - dashboardId: String! -""" -The dashboard the report was created for. -Stability: Long-term -""" - dashboard: Dashboard! -""" -Unix timestamp for the last report execution. The timestamp only indicates an attempt, not if it was successful. -Stability: Long-term -""" - timeOfLastReportExecution: Long -""" -Unix timestamp for the next planned report execution. -Stability: Long-term -""" - timeOfNextPlannedReportExecution: Long -""" -Last errors encountered while generating the scheduled report. -Stability: Long-term -""" - lastExecutionErrors: [String!]! -""" -Last warnings encountered while generating the scheduled report. -Stability: Long-term -""" - lastExecutionWarnings: [String!]! -""" -User who created the report. -Stability: Long-term -""" - createdBy: User -""" -Date when the report was created. -Stability: Long-term -""" - creationDate: String! -""" -Start of the relative time interval for the dashboard. -Stability: Long-term -""" - timeIntervalStart: String -""" -The schedule to run the report by. -Stability: Long-term -""" - schedule: Schedule! -""" -Labels attached to the scheduled report. -Stability: Long-term -""" - labels: [String!]! -""" -List of parameter value configurations. -Stability: Long-term -""" - parameters: [ParameterValue!]! -""" -List of recipients who should receive an email with the generated report. -Stability: Long-term -""" - recipients: [String!]! -""" -Layout of the scheduled report. -Stability: Long-term -""" - layout: ScheduledReportLayout! -""" -Allowed asset actions -Stability: Preview -""" - allowedActions: [AssetAction!]! -""" -The resource identifier for this scheduled report. -Stability: Short-term -""" - resource: String! +scalar UnversionedPackageSpecifier + +"Data for updating an aggregate alert." +input UpdateAggregateAlert { + "Name of the view of the aggregate alert." + viewName: RepoOrViewName! + + "Id of the aggregate alert." + id: String! + + "Name of the aggregate alert." + name: String! + + "Description of the aggregate alert." + description: String + + "LogScale query to execute." + queryString: String! + + "List of ids or names for actions to fire on query result. At most 10 actions can be added. Actions in packages can be referred to as \"packagescope/packagename:actionname\"." + actionIdsOrNames: [String!]! + + "Labels attached to the aggregate alert." + labels: [String!]! + + "Flag indicating whether the aggregate alert is enabled." + enabled: Boolean! + + "Throttle time in seconds." + throttleTimeSeconds: Long! + + "A field to throttle on. Can only be set if throttleTimeSeconds is set." + throttleField: String + + "Search interval in seconds. Valid values are: 1-80 minutes in seconds divisible by 60 (60, 120, ..., 4800 seconds), 82-180 minutes in seconds divisible by 120 (4920, 5040, ..., 10800 seconds) and 4-24 hours in seconds divisible by 3600 (14400, 18000, ..., 86400 seconds)." + searchIntervalSeconds: Long! + + "Timestamp type to use for a query." + queryTimestampType: QueryTimestampType! + + "Trigger mode used for triggering the alert." + triggerMode: TriggerMode! + + "The aggregate alert will run with the permissions of the user corresponding to this id if 'queryOwnershipType' is set to User. If 'queryOwnershipType' is set to Organization, whilst 'runAsUserId' is set, this will result in an error. If not specified, the scheduled search will run with the permissions of the calling user. It requires the 'ChangeTriggersToRunAsOtherUsers' permission to set this field to a user id different from the calling user." + runAsUserId: String + + "Ownership of the query run by this aggregate alert. If value is User, ownership will be based on the 'runAsUserId' field." + queryOwnershipType: QueryOwnershipType! +} + +"Data for updating an alert" +input UpdateAlert { + "Name of the view of the legacy alert." + viewName: String! + + "Id of the legacy alert." + id: String! + + "Name of the alert." + name: String! + + "Description of the alert." + description: String + + "LogScale query to execute." + queryString: String! + + "Start of the relative time interval for the query." + queryStart: String! + + "Throttle time in milliseconds." + throttleTimeMillis: Long! + + "Field to throttle on." + throttleField: String + + "The alert will run with the permissions of the user corresponding to this id if 'queryOwnershipType' is set to User. If 'queryOwnershipType' is set to Organization, whilst 'runAsUserId' is set, this will result in an error. If not specified, the scheduled search will run with the permissions of the calling user. It requires the 'ChangeTriggersToRunAsOtherUsers' permission to set this field to a user id different from the calling user." + runAsUserId: String + + "Flag indicating whether the alert is enabled." + enabled: Boolean! + + "List of ids or names for actions to fire on query result. At most 10 actions can be added. Actions in packages can be referred to as \"packagescope/packagename:actionname\"." + actions: [String!]! + + "Labels attached to the alert." + labels: [String!]! + + "Ownership of the query run by this alert. If value is User, ownership will be based on the 'runAsUserId' field." + queryOwnershipType: QueryOwnershipType = User +} + +"Data for updating an ingest feed which uses AWS S3 with SQS. The update is a delta update." +input UpdateAwsS3SqsIngestFeed { + "Name of the repository of the ingest feed." + repositoryName: RepoOrViewName! + + "Id of the ingest feed." + id: String! + + "Name of the ingest feed." + name: String + + "If the description should be cleared, supply an `UpdateDescription` object with no value or a `null` value. If the description should be changed, supply an `UpdateDescription`object with the desired value." + description: UpdateIngestFeedDescription + + "The id or name of the parser that should be used to parse the ingest feed. Parsers in packages can be referred to as: \"packagescope/packagename:parsername\"" + parser: String + + "How to authenticate to AWS." + authentication: IngestFeedAwsAuthenticationInput + + "AWS SQS queue url." + sqsUrl: String + + "The AWS region to connect to." + region: String + + "Ingest feed enabled state." + enabled: Boolean + + "The preprocessing to apply to an ingest feed before parsing." + preprocessing: IngestFeedPreprocessingInput + + "Compression scheme of the file." + compression: IngestFeedCompression +} + +"Data for updating an ingest feed which uses Azure Event Hubs. The update is a delta update." +input UpdateAzureEventHubIngestFeed { + "Name of the repository of the ingest feed." + repositoryName: RepoOrViewName! + + "Id of the ingest feed." + id: String! + + "Name of the ingest feed." + name: String + + "If the description should be cleared, supply an `UpdateDescription` object with no value or a `null` value. If the description should be changed, supply an `UpdateDescription`object with the desired value." + description: UpdateIngestFeedDescription + + "The id or name of the parser that should be used to parse the ingest feed. Parsers in packages can be referred to as: \"packagescope/packagename:parsername\"" + parser: String + enabled: Boolean + + "Fully qualified namespace of the Event Hub. Often structured like this: .servicebus.windows.net" + eventHubFullyQualifiedNamespace: String + + "Name of the Event Hub." + eventHubName: String + + "Consumer group for the Event Hub" + consumerGroup: String + + "The preprocessing to apply to an ingest feed before parsing." + preprocessing: AzureEventHubsPreprocessingInput + + "Configuration for how the Event Hub checkpoints should be handled." + checkpointHandling: AzureEventHubsCheckpointHandlingInput + + "Specifies the starting point for reading events from the Event Hub when no previous checkpoint exists." + defaultCheckpoint: AzureEventHubsCheckpointInput +} + +"Data for updating the credentials for an ingest feed which uses Azure Event Hubs." +input UpdateAzureEventHubIngestFeedCredentials { + "Name of the repository of the ingest feed." + repositoryName: RepoOrViewName! + + "Id of the ingest feed." + id: String! + + "Authentication method for Azure event hub." + authentication: AzureEventHubsAuthenticationUpdate! +} + +input UpdateCrossOrganizationViewConnectionFiltersInput { + name: String! + connectionsToUpdate: [CrossOrganizationViewConnectionInputModel!]! +} + +input UpdateCustomLinkInteractionInput { + path: String! + interactionId: String! + customLinkInteractionInput: CustomLinkInteractionInput! +} + +"Data for updating a dashboard from a YAML specification." +input UpdateDashboardFromTemplateInput { + "Name of the view of the dashboard." + viewName: RepoOrViewName! + + "Id of the dashboard." + id: String! + + "YAML specification of the dashboard." + yamlTemplate: YAML! +} + +input UpdateDashboardInput { + id: String! + name: String + labels: [String!] + widgets: [WidgetInput!] + sections: [SectionInput!] + links: [LinkInput!] + defaultFilterId: String + filters: [FilterInput!] + parameters: [ParameterInput!] + description: String + timeJumpSizeInMs: Int + updateFrequency: DashboardUpdateFrequencyInput + defaultSharedTimeStart: String + defaultSharedTimeEnd: String + defaultSharedTimeEnabled: Boolean + series: [SeriesConfigInput!] + seriesColorPalette: String +} + +input UpdateDashboardLinkInteractionInput { + path: String! + interactionId: String! + dashboardLinkInteractionInput: DashboardLinkInteractionInput! } -""" -Information about a scheduled report layout -""" -type ScheduledReportLayout { -""" -Paper size. Supported types are A4 and Letter. -Stability: Long-term -""" - paperSize: String! -""" -Paper orientation. Supported types are Landscape and Portrait. -Stability: Long-term -""" - paperOrientation: String! -""" -Paper layout. Supported types are List and Grid. -Stability: Long-term -""" - paperLayout: String! -""" -Flag indicating whether to show report description. -Stability: Long-term -""" - showDescription: Boolean -""" -Flag indicating whether to show title on frontpage. -Stability: Long-term -""" - showTitleFrontpage: Boolean! -""" -Flag indicating whether to show parameters. -Stability: Long-term -""" - showParameters: Boolean! -""" -Max number of rows to display in tables. -Stability: Long-term -""" - maxNumberOfRows: Int! -""" -Flag indicating whether to show title header. -Stability: Long-term -""" - showTitleHeader: Boolean! -""" -Flag indicating whether to show export date. -Stability: Long-term -""" - showExportDate: Boolean! -""" -Flag indicating whether to show footer page numbers. -Stability: Long-term -""" - footerShowPageNumbers: Boolean! +type UpdateDashboardMutation { + "Stability: Long-term" + dashboard: Dashboard! @stability(level: LongTerm) } -""" -Information about a scheduled search -""" -type ScheduledSearch { -""" -Id of the scheduled search. -Stability: Long-term -""" - id: String! -""" -Name of the scheduled search. -Stability: Long-term -""" - name: String! -""" -Description of the scheduled search. -Stability: Long-term -""" - description: String -""" -LogScale query to execute. -Stability: Long-term -""" - queryString: String! -""" -Start of the relative time interval for the query. -""" - start: String! -""" -End of the relative time interval for the query. -""" - end: String! -""" -Search interval in seconds. -Stability: Long-term -""" - searchIntervalSeconds: Long! -""" -Offset of the search interval in seconds. Only present when 'queryTimestampType' is EventTimestamp. -Stability: Long-term -""" - searchIntervalOffsetSeconds: Long -""" -Maximum number of seconds to wait for ingest delay. Only present when 'queryTimestampType' is IngestTimestamp. -Stability: Long-term -""" - maxWaitTimeSeconds: Long -""" -Time zone of the schedule. Currently this field only supports UTC offsets like 'UTC', 'UTC-01' or 'UTC+12:45'. -Stability: Long-term -""" - timeZone: String! -""" -Cron pattern describing the schedule to execute the query on. -Stability: Long-term -""" - schedule: String! -""" -User-defined limit, which caps the number of missed searches to backfill, e.g. in the event of a shutdown. If the 'queryTimestampType' is IngestTimestamp this field is not used, but due to backwards compatibility a value of 0 is returned. -""" - backfillLimit: Int! -""" -User-defined limit, which caps the number of missed searches to backfill, e.g. in the event of a shutdown. Only present when 'queryTimestampType' is EventTimestamp. -Stability: Long-term -""" - backfillLimitV2: Int -""" -Timestamp type to use for the query. -Stability: Long-term -""" - queryTimestampType: QueryTimestampType! -""" -Flag indicating whether the scheduled search is enabled. -Stability: Long-term -""" - enabled: Boolean! -""" -List of Ids for actions to fire on query result. -Stability: Long-term -""" - actions: [String!]! -""" -List of actions to fire on query result. -Stability: Long-term -""" - actionsV2: [Action!]! -""" -Id of user which the scheduled search is running as. -Stability: Long-term -""" - runAsUser: User -""" -Unix timestamp for when last query execution finished. -""" - lastScheduledSearch: Long -""" -Unix timestamp for end of search interval for last query execution. -Stability: Long-term -""" - lastExecuted: Long -""" -Unix timestamp for end of search interval for last query execution that triggered. -Stability: Long-term -""" - lastTriggered: Long -""" -Unix timestamp for next planned search. -Stability: Long-term -""" - timeOfNextPlannedExecution: Long -""" -Last error encountered while running the search. -Stability: Long-term -""" - lastError: String -""" -Last warnings encountered while running the scheduled search. -Stability: Long-term -""" - lastWarnings: [String!]! -""" -Labels added to the scheduled search. -Stability: Long-term -""" - labels: [String!]! -""" -Flag indicating whether the calling user has 'starred' the scheduled search. -""" - isStarred: Boolean! -""" -A template that can be used to recreate the scheduled search. -Stability: Long-term -""" - yamlTemplate: YAML! -""" -Stability: Long-term -""" - packageId: VersionedPackageSpecifier -""" -Stability: Long-term -""" - package: PackageInstallation -""" -User or token used to modify the asset. -Stability: Preview -""" - modifiedInfo: ModifiedInfo! -""" -Ownership of the query run by this scheduled search -Stability: Long-term -""" - queryOwnership: QueryOwnership! -""" -Allowed asset actions -Stability: Preview -""" - allowedActions: [AssetAction!]! -""" -The resource identifier for this scheduled search. -Stability: Short-term -""" - resource: String! +input UpdateDefaultQueryPrefixInput { + queryPrefix: String + groupId: String! } -type ScheduledSearchTemplate { -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - displayName: String! -""" -Stability: Long-term -""" - yamlTemplate: String! -""" -Stability: Long-term -""" - labels: [String!]! +type UpdateDefaultQueryPrefixMutation { + "Stability: Long-term" + group: Group! @stability(level: LongTerm) } -type SchemaField { -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - description: String +input UpdateDefaultRoleInput { + roleId: String + groupId: String! } -""" -An asset permissions search result entry -""" -type SearchAssetPermissionsResultEntry { -""" -The unique id for the Asset -Stability: Preview -""" - assetId: String! -""" -The name of the Asset -Stability: Preview -""" - assetName: String! -""" -The type of the Asset -Stability: Preview -""" - assetType: AssetPermissionsAssetType! -""" -The search domain that the asset belongs to -Stability: Preview -""" - searchDomain: SearchDomain -""" -The asset actions allowed for this asset -Stability: Preview -""" - permissions: [AssetAction!]! -""" -The resource string representation of this asset. Can be used for assigning asset permissions for this asset -Stability: Preview -""" - resource: String! +"Type for updating the description. If the description should be cleared, supply an `UpdateDescription` object with no value or a `null` value. If the description should be changed, supply an `UpdateDescription`object with the desired value." +input UpdateDescription { + "Description of the FDR feed." + value: String } -""" -Common interface for Repositories and Views. -""" -interface SearchDomain { -""" -Common interface for Repositories and Views. -""" - id: String! -""" -Common interface for Repositories and Views. -""" - name: RepoOrViewName! -""" -Common interface for Repositories and Views. -""" - description: String -""" -Common interface for Repositories and Views. -""" - deletedDate: Long -""" -Common interface for Repositories and Views. -""" - permanentlyDeletedAt: Long -""" -Common interface for Repositories and Views. -""" - isStarred: Boolean! -""" -Common interface for Repositories and Views. -""" - searchLimitedMs: Long -""" -Common interface for Repositories and Views. -""" - reposExcludedInSearchLimit: [String!]! -""" -Common interface for Repositories and Views. -""" - packageV2( - packageId: VersionedPackageSpecifier! - ): Package2! -""" -Common interface for Repositories and Views. -""" - packageVersions( - packageId: UnversionedPackageSpecifier! - ): [RegistryPackageVersionInfo!]! -""" -Common interface for Repositories and Views. -""" - availablePackages( - filter: String - tags: [PackageTag!] - categories: [String!] - ): [PackageRegistrySearchResultItem!]! -""" -Common interface for Repositories and Views. -""" - installedPackages: [PackageInstallation!]! -""" -Common interface for Repositories and Views. -""" - hasPackageInstalled( - packageId: VersionedPackageSpecifier! - ): Boolean! -""" -Common interface for Repositories and Views. -""" - users: [User!]! -""" -Common interface for Repositories and Views. -""" - usersAndGroups( - search: String - skip: Int - limit: Int - ): UsersAndGroupsSearchResultSet! -""" -Common interface for Repositories and Views. -""" - usersV2( - search: String - permissionFilter: Permission - skip: Int - limit: Int - ): Users! -""" -Common interface for Repositories and Views. -""" - groups: [Group!]! -""" -Common interface for Repositories and Views. -""" - starredFields: [String!]! -""" -Common interface for Repositories and Views. -""" - recentQueriesV2: [RecentQuery!]! -""" -Common interface for Repositories and Views. -""" - automaticSearch: Boolean! -""" -Common interface for Repositories and Views. -""" - isActionAllowed( - action: ViewAction! - ): Boolean! -""" -Common interface for Repositories and Views. -""" - allowedViewActions: [ViewAction!]! -""" -Common interface for Repositories and Views. -""" - viewerQueryPrefix: String! -""" -Common interface for Repositories and Views. -""" - tags: [String!]! -""" -Common interface for Repositories and Views. -""" - resource: String! -""" -Common interface for Repositories and Views. -""" - interactions: [ViewInteraction!]! -""" -Common interface for Repositories and Views. -""" - alert( - id: String! - ): Alert! -""" -Common interface for Repositories and Views. -""" - alerts: [Alert!]! -""" -Common interface for Repositories and Views. -""" - dashboard( - id: String! - ): Dashboard! -""" -Common interface for Repositories and Views. -""" - dashboards: [Dashboard!]! -""" -Common interface for Repositories and Views. -""" - filterAlert( - id: String! - ): FilterAlert! -""" -Common interface for Repositories and Views. -""" - filterAlerts: [FilterAlert!]! -""" -Common interface for Repositories and Views. -""" - aggregateAlert( - id: String! - ): AggregateAlert! -""" -Common interface for Repositories and Views. -""" - aggregateAlerts: [AggregateAlert!]! -""" -Common interface for Repositories and Views. -""" - scheduledSearch( - id: String! - ): ScheduledSearch! -""" -Common interface for Repositories and Views. -""" - scheduledSearches: [ScheduledSearch!]! -""" -Common interface for Repositories and Views. -""" - action( - id: String! - ): Action! -""" -Common interface for Repositories and Views. -""" - actions( - actionIds: [String!] - ): [Action!]! -""" -Common interface for Repositories and Views. -""" - savedQuery( - id: String! - ): SavedQuery! -""" -Common interface for Repositories and Views. -""" - savedQueries: [SavedQuery!]! -""" -Common interface for Repositories and Views. -""" - defaultQuery: SavedQuery -""" -Common interface for Repositories and Views. -""" - files: [File!]! -""" -Common interface for Repositories and Views. -""" - fileFieldSearch( - fileName: String! - fieldName: String! - prefixFilter: String - valueFilters: [FileFieldFilterType!]! - fieldsToInclude: [String!]! - maxEntries: Int! - ): [[DictionaryEntryType!]!]! -""" -Common interface for Repositories and Views. -""" - scheduledReports: [ScheduledReport!]! -""" -Common interface for Repositories and Views. -""" - scheduledReport( - id: String! - ): ScheduledReport +type UpdateDescriptionMutation { + "Stability: Long-term" + description: String! @stability(level: LongTerm) } -""" -An asset in a search domain. -""" -type SearchDomainAsset { -""" -The id of the asset. -Stability: Preview -""" - id: String! -""" -The name of the asset. -Stability: Preview -""" - name: String! -""" -The type of the asset. -Stability: Preview -""" - assetType: AssetPermissionsAssetType! -""" -The id of the search domain. -Stability: Preview -""" - searchDomainId: String! -""" -The name of the search domain. -Stability: Preview -""" - searchDomainName: String! -""" -The resource string representation of this asset. Can be used for assigning asset permissions for this asset -Stability: Preview -""" - resource: String! +"Data for updating an email action." +input UpdateEmailAction { + "Name of the view of the action." + viewName: String! + + "Id of the action." + id: String! + + "Name of the action." + name: String! + + "List of email addresses to send an email to." + recipients: [String!]! + + "Subject of the email. Can be templated with values from the result." + subjectTemplate: String + + "Body of the email. Can be templated with values from the result." + bodyTemplate: String + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! + + "Whether the result set should be attached as a CSV file." + attachCsv: Boolean = false + + "Labels to categorize the action." + labels: [String!] +} + +"Data for updating an event forwarding rule" +input UpdateEventForwardingRule { + "The name of the repository that the event forwarding rule is for" + repoName: String! + + "The unique id for the event forwarding rule" + id: String! + + "The query string for filtering and mapping the events to forward" + queryString: String! + + "The id of the event forwarder" + eventForwarderId: String! + languageVersion: LanguageVersionEnum = legacy +} + +"Data for updating an FDR feed. Note that the fields, apart from `id` and `repositoryName`, only need to be supplied if the field should be changed." +input UpdateFdrFeed { + "Name of the repository of the FDR feed." + repositoryName: String! + + "Id of the FDR feed." + id: String! + + "Name of the FDR feed. If the field should not be updated, leave it out or let the value be `null`." + name: String + + "Description of the FDR feed. If the field should not be updated, leave it out or let the value be `null`. If the description should be cleared, supply an `UpdateDescription` object with no value or a `null` value. If the description should be changed, supply an `UpdateDescription`object with the desired value." + description: UpdateDescription + + "The id or name of the parser that should be used to parse the FDR data. We recommend using the FDR parser from the crowdstrike/fdr package, which can be referred to as \"crowdstrike/fdr:FDR\". If the field should not be updated, leave it out or let the value be `null`." + parser: String + + "AWS client id of the FDR feed. If the field should not be updated, leave it out or let the value be `null`." + clientId: String + + "AWS client secret of the FDR feed. If the field should not be updated, leave it out or let the value be `null`." + clientSecret: String + + "AWS SQS queue url of the FDR feed. If the field should not be updated, leave it out or let the value be `null`." + sqsUrl: String + + "AWS S3 Identifier of the FDR feed. If the field should not be updated, leave it out or let the value be `null`." + s3Identifier: String + + "Is ingest from the FDR feed enabled? If the field should not be updated, leave it out or let the value be `null`." + enabled: Boolean } -""" -A result set containing information about search domain assets. -""" -type SearchDomainAssetsResultSet { -""" -The total number of matching results. -Stability: Preview -""" - totalResults: Int! -""" -The paginated result set. -Stability: Preview -""" - results: [SearchDomainAsset!]! +"Data for updating the administrator control of an FDR feed." +input UpdateFdrFeedControl { + "Name of the repository of the FDR feed." + repositoryName: String! + + "Id of the FDR feed." + id: String! + + "Maximum number of nodes to poll FDR feed with If the value should be cleared, supply an `UpdateLong` object the with no value or a `null` value. If the setting should be changed, supply a `UpdateLong` object with the desired value. If this value is left out the underlying value will not change" + maxNodes: UpdateLong + + "Maximum amount of files downloaded from s3 in parallel for a single node. If the value should be cleared, supply an `UpdateLong` object the with no value or a `null` value. If the setting should be changed, supply a `UpdateLong` object with the desired value. If this value is left out the underlying value will not change" + fileDownloadParallelism: UpdateLong } -""" -A page of searchDomains. -""" -type SearchDomainPage { -""" -Stability: Long-term -""" - pageInfo: PageType! -""" -Stability: Long-term -""" - page: [SearchDomain!]! +"Input object for field updateFieldAliasMapping" +input UpdateFieldAliasMappingInput { + "ID of the schema that the alias mapping exists on." + schemaId: String! + + "Alias mapping ID" + aliasMappingId: String! + + "Name of the Alias mapping. Overrides the existing name. If not supplied then the name will be unchanged." + name: String + + "Tags of the alias mapping. Overrides the existing tags. If not supplied then the tags will be unchanged." + tags: [TagsInput!] + aliases: [AliasInfoInput!] + + "Source fields that are aliased, but should still be available in query. Overrides the existing values for this field. If not supplied then this field will be unchanged." + originalFieldsToKeep: [String!] } -""" -The role assigned in a searchDomain. -""" -type SearchDomainRole { -""" -Stability: Long-term -""" - searchDomain: SearchDomain! -""" -Stability: Long-term -""" - role: Role! +"Input object for field updateFieldAliasSchema" +input UpdateFieldAliasSchemaInput { + "Schema ID." + id: String! + + "Name of the schema. Overrides the existing name. If not supplied then the name will be unchanged." + name: String + + "Fields of the schema. Overrides the existing fields. If not supplied then the fields will be unchanged." + fields: [SchemaFieldInput!] + + "Alias mappings on the schema. Overrides the existing alias mappings. If not supplied then the alias mapping will be unchanged." + aliasMappings: [AliasMappingInput!] } -""" -The search domain search result set -""" -type SearchDomainSearchResultSet { -""" -The total number of matching results -Stability: Long-term -""" - totalResults: Int! -""" -The paginated result set -Stability: Long-term -""" - results: [SearchDomain!]! +"Data for updating a filter alert" +input UpdateFilterAlert { + "Name of the view of the filter alert." + viewName: RepoOrViewName! + + "Id of the filter alert." + id: String! + + "Name of the filter alert." + name: String! + + "Description of the filter alert." + description: String + + "LogScale query to execute." + queryString: String! + + "List of ids or names for actions to fire on query result. At most 10 actions can be added. Actions in packages can be referred to as \"packagescope/packagename:actionname\"." + actionIdsOrNames: [String!]! + + "Labels attached to the filter alert." + labels: [String!]! + + "Flag indicating whether the filter alert is enabled." + enabled: Boolean! + + "Throttle time in seconds." + throttleTimeSeconds: Long + + "A field to throttle on. Can only be set if throttleTimeSeconds is set." + throttleField: String + + "The filter alert will run with the permissions of the user corresponding to this id if 'queryOwnershipType' is set to User. If 'queryOwnershipType' is set to Organization, whilst 'runAsUserId' is set, this will result in an error. If not specified, the scheduled search will run with the permissions of the calling user. It requires the 'ChangeTriggersToRunAsOtherUsers' permission to set this field to a user id different from the calling user." + runAsUserId: String + + "Ownership of the query run by this filter alert. If value is User, ownership will be based on the 'runAsUserId' field." + queryOwnershipType: QueryOwnershipType! } -enum SearchDomainTypes { - All - Views - Repository +input UpdateGroupInput { + groupId: String! + displayName: String + lookupName: String } -""" -Aggregations for search fleet result set -""" -type SearchFleetAggregations { -""" -Stability: Short-term -""" - status: SearchFleetStatus! -""" -Stability: Short-term -""" - versions: [SearchFleetVersions!]! -""" -Stability: Short-term -""" - allVersions: [String!]! -""" -Stability: Short-term -""" - os: SearchFleetSystems! -""" -Stability: Short-term -""" - ingest: SearchFleetIngest! +type UpdateGroupMutation { + "Stability: Long-term" + group: Group! @stability(level: LongTerm) } -""" -The fleet search has not finished yet -""" -type SearchFleetInProgress { -""" -Stability: Short-term -""" - queryState: String! -""" -Stability: Short-term -""" - totalResultsInfo: SearchFleetTotalResultInfo! -""" -The total number of matching results -Stability: Short-term -""" - totalResults: Int! -""" -Aggregations of the result set -Stability: Short-term -""" - aggregations: SearchFleetAggregations -""" -The paginated result set -Stability: Short-term -""" - results: [LogCollector!]! +"Data for updating a LogScale repository action." +input UpdateHumioRepoAction { + "Name of the view of the action." + viewName: String! + + "Id of the action." + id: String! + + "Name of the action." + name: String! + + "Humio ingest token for the dataspace that the action should ingest into." + ingestToken: String! + + "Labels to categorize the action." + labels: [String!] } -""" -Ingest aggregation for search fleet result set -""" -type SearchFleetIngest { -""" -Stability: Short-term -""" - volume: Long! +"Type for updating the description. If the description should be cleared, supply an `UpdateDescription` object with no value or a `null` value. If the description should be changed, supply an `UpdateDescription`object with the desired value." +input UpdateIngestFeedDescription { + "Type for updating the description. If the description should be cleared, supply an `UpdateDescription` object with no value or a `null` value. If the description should be changed, supply an `UpdateDescription`object with the desired value." + description: String } -""" -A fleet installation token search result set -""" -type SearchFleetInstallationTokenResultSet { -""" -The total number of matching results -Stability: Short-term -""" - totalResults: Int! -""" -The paginated result set -Stability: Short-term -""" - results: [FleetInstallationToken!]! +"Input data to update an ingest listener" +input UpdateIngestListenerV3Input { + "id of the ingest listener." + id: String! + + "Name of the repository." + repositoryName: String! + + "The port the ingest listener will listen on." + port: Int! + + "The kind of listener; TCP, UDP, Netflow/UDP, GELF/UDP, GELF/TCP." + protocol: IngestListenerProtocol! + + "The vHost name for the ingest listener." + vHost: Int + + "Name of the ingest listener." + name: String! + + "The ip address the ingest listener will bind to." + bindInterface: String! + + "Id or name of the parser to assign to the ingest listener. Parsers in packages can be referred to as \"packagescope/packagename:parsername\"." + parser: String! + + "The charset used to decode the event stream." + charset: String! } -enum SearchFleetOsFilter { - Unknown - MacOS - Linux - Windows +"Data for updating a Kafka event forwarder" +input UpdateKafkaEventForwarder { + "Id of the event forwarder" + id: String! + + "Name of the event forwarder" + name: String! + + "Description of the event forwarder" + description: String! + + "The Kafka producer configuration used to forward events in the form of properties (x.y.z=abc). See https://library.humio.com/humio-server/ingesting-data-event-forwarders.html#kafka-configuration." + properties: String! + + "The Kafka topic the events should be forwarded to" + topic: String! + + "Is the event forwarder enabled" + enabled: Boolean = true } -""" -A fleet search result set -""" -type SearchFleetResultSet { -""" -Stability: Short-term -""" - queryState: String! -""" -Stability: Short-term -""" - totalResultsInfo: SearchFleetTotalResultInfo! -""" -The total number of matching results -Stability: Short-term -""" - totalResults: Int! -""" -Aggregations of the result set -Stability: Short-term -""" - aggregations: SearchFleetAggregations -""" -The paginated result set -Stability: Short-term -""" - results: [LogCollector!]! +input UpdateLimitInput { + limitName: String! + allowLogin: Boolean + dailyIngest: Long + retention: Int + allowSelfService: Boolean + expiration: Long + contractVersion: Organizations__ContractVersion + userLimit: Int } -""" -Status aggregation for search fleet result set -""" -type SearchFleetStatus { -""" -Stability: Short-term -""" - errored: Int! -""" -Stability: Short-term -""" - ok: Int! +input UpdateLimitInputV2 { + id: String! + name: String + allowLogin: Boolean + dailyIngest: Long + dailyIngestContractualType: Organizations__ContractualType + storageContractualType: Organizations__ContractualType + dailyScanContractualType: Organizations__ContractualType + measurementType: Organizations__MeasurementType + dailyScan: Long + retention: Int + maxRetention: Int + allowSelfService: Boolean + expiration: Long + userLimit: Int + dateType: String + trial: Boolean + allowFlightControl: Boolean + repositoryLimit: Int +} + +"Data for updating a local cluster connection" +input UpdateLocalClusterConnectionInput { + "Name or id of the multi-cluster view that has the connection" + multiClusterViewName: String! + + "Id of the connection to update" + connectionId: String! + + "Name or id of the local view to connect with" + targetViewName: String + + "Additional tags that can be used to filter queries" + tags: [ClusterConnectionInputTag!] + + "Filter query that restricts the data visible through this connection" + queryPrefix: String } -enum SearchFleetStatusFilter { - Error - OK +"If the value should be cleared, supply an `UpdateLong` object the with no value or a `null` value. If the setting should be changed, supply a `UpdateLong` object with the desired value." +input UpdateLong { + value: Int } -""" -Systems aggregation for search fleet result set -""" -type SearchFleetSystems { -""" -Stability: Short-term -""" - windows: Int! -""" -Stability: Short-term -""" - macOs: Int! -""" -Stability: Short-term -""" - linux: Int! +"The mode for the file update. `overwrite` replaces any existing file, `append` appends the new content to the existing file, and `update` updates rows in the existing file, based on matching values in the keyColumns field." +enum UpdateMode { + Overwrite + Append + Update } -""" -Information about the returned result set. -""" -union SearchFleetTotalResultInfo =OnlyTotal | GroupFilterInfo +input UpdateOidcConfigurationInput { + id: String! + name: String! + clientID: String! + clientSecret: String! + issuer: String! + tokenEndpointAuthMethod: String! + authorizationEndpoint: String! + tokenEndpoint: String + userInfoEndpoint: String + registrationEndpoint: String + groupsClaim: String + JWKSEndpoint: String + domains: [String!]! + scopes: [String!]! + userClaim: String! + enableDebug: Boolean! + defaultIdp: Boolean + humioOwned: Boolean + lazyCreateUsers: Boolean + federatedIdp: String + scopeClaim: String +} + +"Data for updating an OpsGenie action" +input UpdateOpsGenieAction { + "Name of the view of the action." + viewName: String! -""" -Query result for search fleet -""" -union SearchFleetUnion =SearchFleetResultSet | SearchFleetInProgress + "Id of the action." + id: String! -input SearchFleetVersionFilter { - version: String - needsUpdate: Boolean + "Name of the action." + name: String! + + "OpsGenie webhook url to send the request to." + apiUrl: String! + + "Key to authenticate with OpsGenie." + genieKey: String! + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! + + "Labels to categorize the action." + labels: [String!] } -""" -Version aggregation for search fleet result set -""" -type SearchFleetVersions { -""" -Stability: Short-term -""" - version: String! -""" -Stability: Short-term -""" - count: Int! +input UpdateOrganizationPermissionsTokenPermissionsInput { + id: String! + permissions: [OrganizationPermission!]! } -type SearchLinkInteraction { -""" -Stability: Long-term -""" - repoOrViewName: RepoOrViewName -""" -Stability: Long-term -""" - queryString: String! -""" -Stability: Long-term -""" - arguments: [DictionaryEntryType!]! -""" -Stability: Long-term -""" - openInNewTab: Boolean! -""" -Stability: Long-term -""" - useWidgetTimeWindow: Boolean! +input UpdatePackageFromRegistryInput { + viewName: RepoOrViewName! + packageId: VersionedPackageSpecifier! + conflictResolutions: [ConflictResolutionConfiguration!]! + queryOwnershipType: QueryOwnershipType = User } -""" -A log collector configuration search result set -""" -type SearchLogCollectorConfigurationResultSet { -""" -The total number of matching results -Stability: Short-term -""" - totalResults: Int! -""" -The paginated result set -Stability: Short-term -""" - results: [LogCollectorConfiguration!]! +"Data for updating a PagerDuty action" +input UpdatePagerDutyAction { + "Name of the view of the action." + viewName: String! + + "Id of the action." + id: String! + + "Name of the action." + name: String! + + "Severity level to give to the message." + severity: String! + + "Routing key to authenticate with PagerDuty." + routingKey: String! + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! + + "Labels to categorize the action." + labels: [String!] } -""" -A log collector group search result set -""" -type SearchLogCollectorGroupsResultSet { -""" -The total number of matching results -Stability: Short-term -""" - totalResults: Int! -""" -The paginated result set -Stability: Short-term -""" - results: [LogCollectorGroup!]! +type UpdateParametersInteraction { + "Stability: Long-term" + arguments: [DictionaryEntryType!]! @stability(level: LongTerm) + + "Stability: Long-term" + useWidgetTimeWindow: Boolean! @stability(level: LongTerm) } -type SearchResult { -""" -The total number of results that matched the search query. Only [pageSize] elements will be returned. -Stability: Preview -""" - totalResults: Int! -""" -Stability: Preview -""" - data: [EntitySearchResultEntity!]! -""" -Stability: Preview -""" - cursor: String -""" -Stability: Preview -""" - hasNextPage: Boolean! -""" -Stability: Preview -""" - hasPreviousPage: Boolean! +input UpdateParametersInteractionInput { + name: String! + titleTemplate: String + arguments: [ArgumentInput!]! + useWidgetTimeWindow: Boolean! + fieldInteractionConditions: [FieldInteractionConditionInput!] } -enum Searchdomain__SortBy { - Name - Volume - DeletedAt - LimitName +"Data for updating a parser from a YAML template" +input UpdateParserFromTemplateInput { + "Name of the repo to install the parser in" + repositoryName: RepoOrViewName! + + "Id of the parser" + id: String! + + "YAML specification of the parser." + yamlTemplate: YAML! } -""" -A dashboard section. -""" -type Section { -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - title: String -""" -Stability: Long-term -""" - description: String -""" -Stability: Long-term -""" - collapsed: Boolean! -""" -Stability: Long-term -""" - timeSelector: TimeInterval -""" -Stability: Long-term -""" - widgetIds: [String!]! -""" -Stability: Long-term -""" - order: Int! +"Input for updating a parser." +input UpdateParserInputV2 { + "The repository where the parser lives." + repositoryName: RepoOrViewName! + + "The ID of the parser to update." + id: String! + + "The name to use for the parser." + name: String + + "Input for updating the parser script." + script: UpdateParserScriptInput + + "Test cases that can be used to help verify that the parser works as expected." + testCases: [ParserTestCaseInput!] + + "Fields that are used as tags." + fieldsToTag: [String!] + + "A list of fields that will be removed from the event before it's parsed. These fields will not be included when calculating usage." + fieldsToBeRemovedBeforeParsing: [String!] +} + +"Input for updating the parser script." +input UpdateParserScriptInput { + "The parser script that is executed for every incoming event." + script: String! + + "A specific language version. If no version is provided, the version already set on the parser will be used." + languageVersion: LanguageVersionInputType } -scalar SemanticVersion +"Data for updating a post-message Slack action" +input UpdatePostMessageSlackAction { + "Name of the view of the action." + viewName: String! -type SeriesConfig { -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - title: String -""" -Stability: Long-term -""" - color: String -} + "Id of the action." + id: String! -""" -Metadata about a registered service -""" -type ServiceMetadata { -""" -The name of the service -Stability: Preview -""" - name: String! -""" -The type of the service -Stability: Preview -""" - serviceType: String! -""" -The endpoint of the service -Stability: Preview -""" - endpointUrl: String! -""" -The version of the service -Stability: Preview -""" - version: String! -""" -The health status of the service -Stability: Preview -""" - healthStatus: HealthStatus! -} + "Name of the action." + name: String! -""" -An active session. -""" -type Session { -""" -The id of the session -Stability: Long-term -""" - id: String! -""" -Client info. -Stability: Long-term -""" - clientInfo: String! -""" -Approximate city from IP -Stability: Long-term -""" - city: String -""" -Country from IP -Stability: Long-term -""" - country: String -""" -The IP of the client when the session was created. -Stability: Long-term -""" - ip: String! -""" -The user that created the session. -Stability: Long-term -""" - user: User! -""" -The time at which the session was created. -Stability: Long-term -""" - createdAt: Long -""" -The time at which the session was last active. -Stability: Long-term -""" - lastActivityAt: Long -""" -If the session is the current session for the user. -Stability: Long-term -""" - isCurrentSession: Boolean! + "Api token to authenticate with Slack." + apiToken: String! + + "List of Slack channels to message." + channels: [String!]! + + "Fields to include within the Slack message. Can be templated with values from the result." + fields: [SlackFieldEntryInput!]! + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! + + "Labels to categorize the action." + labels: [String!] } -""" -The session query result set -""" -type SessionQueryResultSet { -""" -The total number of matching results -Stability: Long-term -""" - totalResults: Int! -""" -The paginated result set -Stability: Long-term -""" - results: [Session!]! +input UpdateQueryPrefixInput { + queryPrefix: String! + viewId: String! + groupId: String! } -enum Sessions__Filter_Level { - Organization - User +type UpdateQueryPrefixMutation { + "Stability: Long-term" + group: Group! @stability(level: LongTerm) } -enum Sessions__SortBy { - LastActivityTime - LoginTime - IPAddress - Location - ClientInfo - User +"Data for updating a remote cluster connection" +input UpdateRemoteClusterConnectionInput { + "Name or id of the multi-cluster view that has the connection" + multiClusterViewName: String! + + "Id of the connection to update" + connectionId: String! + + "Public URL of the remote cluster to connect with" + publicUrl: String + + "Access token for the remote view to connect with" + token: String + + "Additional tags that can be used to filter queries" + tags: [ClusterConnectionInputTag!] + + "Filter query that restricts the data visible through this connection" + queryPrefix: String } -""" -Output diagnostic from query validation. -""" -enum Severity { - Error - Warning - Information - Hint +input UpdateRepoDataTypeInputObject { + dataspaceId: String! + repoDataType: RepositoryDataType! } -""" -Represents information about a dashboard shared through a link. -""" -type SharedDashboard { -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - displayName: String! -""" -The ip filter on the shared dashboard. -Stability: Long-term -""" - ipFilter: IPFilter -""" -Stability: Long-term -""" - sharedTimeInterval: SharedDashboardTimeInterval -""" -The name of the repository or view queries are executed against. -Stability: Long-term -""" - repoOrViewName: RepoOrViewName! -""" -Stability: Long-term -""" - widgets: [Widget!]! -""" -Stability: Long-term -""" - sections: [Section!]! -""" -Stability: Long-term -""" - series: [SeriesConfig!]! -""" -The resource identifier for this dashboard. -Stability: Short-term -""" - resource: String! +input UpdateRepoLimitIdInputObject { + dataspaceId: String! + limitId: String! } -""" -Time Interval that is active on all dashboard widgets -""" -type SharedDashboardTimeInterval { -""" -Stability: Long-term -""" - isLive: Boolean! -""" -Stability: Long-term -""" - start: String! -""" -Stability: Long-term -""" - end: String! +type UpdateRetentionMutation { + "Stability: Long-term" + repository: SearchDomain! @stability(level: LongTerm) } -""" -Security policies for shared dashboards in the organization -""" -type SharedDashboardsSecurityPolicies { -""" -Whether shared dashboard tokens are enabled -Stability: Short-term -""" - sharedDashboardsEnabled: Boolean! -""" -The IP filter that is enforced on all shared dashboards -Stability: Short-term -""" - enforceIpFilter: IPFilter +input UpdateRoleInput { + roleId: String! + displayName: String! + viewPermissions: [Permission!]! + description: String + color: String + systemPermissions: [SystemPermission!] + organizationPermissions: [OrganizationPermission!] + objectAction: ObjectAction + organizationManagementPermissions: [OrganizationManagementPermission!] } -enum ShowTermsAndConditions { - StandardMandatoryDoDNoticeAndConsent - LogScaleEula - None +type UpdateRoleMutation { + "Stability: Long-term" + role: Role! @stability(level: LongTerm) } -enum SocialLoginField { - AllowAll - DenyAll - AllowSelected +"Data for updating an S3 action" +input UpdateS3Action { + "Name of the view of the action." + viewName: RepoOrViewName! + + "ARN of the role to be assumed." + roleArn: String! + + "Id of the action." + id: String! + + "Name of the action." + name: String! + + "Labels to categorize the action. There can be at most 10 labels with a max length of 60 characters per label." + labels: [String!]! + + "AWS region. For options see: https://docs.aws.amazon.com/general/latest/gr/s3.html" + awsRegion: String! + + "Name of the bucket." + bucketName: String! + + "Name of the file(s). You can use most message templates for this. See documentation for S3 action: https://library.humio.com/data-analysis/automated-actions-s3.html" + fileName: String! + + "Output format type for the result. Can be either NDJSON or CSV." + outputFormat: S3ActionEventOutputFormat! + + "Whether to output metadata for the result. Metadata will be output as a separate JSON file." + outputMetadata: Boolean! + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! } -""" -Social login configuration for the organization -""" -type SocialLoginSettings { -""" -Social provider -Stability: Short-term -""" - provider: SocialProviderProfile! -""" -Filter -Stability: Short-term -""" - filter: SocialLoginField! -""" -Allowed users -Stability: Short-term -""" - allowList: [User!]! +"Data for updating a saved query from a YAML template." +input UpdateSavedQueryFromTemplateInput { + "The name of the view where the saved query is located." + viewName: RepoOrViewName! + + "The id of the saved query to update" + id: String! + + "The YAML template for the saved query." + yamlTemplate: YAML! } -enum SocialProviderProfile { - Google - Github - Bitbucket +input UpdateSavedQueryInput { + id: String! + name: String + description: String + viewName: String! + queryString: String + start: String + end: String + isLive: Boolean + widgetType: String + options: String + labels: [String!] + dashboardLinkInteractions: [DashboardLinkInteractionInput!] + customLinkInteractions: [CustomLinkInteractionInput!] + searchLinkInteractions: [SearchLinkInteractionInput!] + updateParametersInteractions: [UpdateParametersInteractionInput!] } -""" -The sort by options for assets. -""" -enum SortBy { - Name - SearchDomain +type UpdateSavedQueryPayload { + "Stability: Long-term" + savedQuery: SavedQuery! @stability(level: LongTerm) } -""" -Field to sort queries by -""" -enum SortField { - InitiatedBy - View - Age - Status - DeltaTotalMemoryAllocation - TotalMemoryAllocation - DeltaLiveCPU - TotalLiveCPU - DeltaStaticCPU - TotalStaticCPU - DeltaStaticCost - DeltaLiveCost - DeltaTotalCost - StaticCost - LiveCost - TotalCost +"Data for updating a scheduled report." +input UpdateScheduledReportInput { + "Name of the view of the scheduled report." + viewName: String! + + "Id of the scheduled report." + id: String! + + "Name of the scheduled report." + name: String + + "Password used to protect any generated reports." + password: String + + "Flag indicating whether the scheduled report is enabled." + enabled: Boolean + + "Description of the scheduled report." + description: String + + "The id of the dashboard the report was created for." + dashboardId: String + + "Start of the relative time interval for the dashboard." + timeIntervalFrom: String + + "The schedule to run the report by." + schedule: UpdateScheduledReportScheduleInput + + "Labels attached to the scheduled report." + labels: [String!] + + "List of parameter value configurations." + parameters: [UpdateScheduledReportParameterValueInput!] + + "List of recipients who should receive an email with the generated report." + recipients: [String!] + + "Layout of the scheduled report." + layout: UpdateScheduledReportLayoutInput } -""" -Order to sort queries by -""" -enum SortOrder { - Ascending - Descending +"Layout of the scheduled report." +input UpdateScheduledReportLayoutInput { + "Paper size. Supported types are A4 and Letter." + paperSize: String + + "Paper orientation. Supported types are Landscape and Portrait." + paperOrientation: String + + "Paper layout. Supported types are List and Grid." + paperLayout: String + + "Flag indicating whether to show report description." + showDescription: Boolean + + "Flag indicating whether to show title on frontpage." + showTitleFrontpage: Boolean + + "Flag indicating whether to show parameters." + showParameters: Boolean + + "Max number of rows to display in tables." + maxNumberOfRows: Int + + "Flag indicating whether to show title header." + showTitleHeader: Boolean + + "Flag indicating whether to show export date." + showExportDate: Boolean + + "Flag indicating whether to show footer page numbers." + footerShowPageNumbers: Boolean } -""" -Returns a query that gives the underlying events for some specified fields. queryArguments are names of free variables in the query, prefixed with a ?.For example, 'foo=?bar | count()' has the queryArgument bar. -""" -type SourceEventsQueryResultType { -""" -Stability: Preview -""" - query: String -""" -Stability: Preview -""" - queryArguments: [String!]! -""" -Stability: Preview -""" - diagnostics: [QueryDiagnostic!]! +"List of parameter value configurations." +input UpdateScheduledReportParameterValueInput { + "Id of the parameter." + id: String! + + "Value of the parameter." + value: String! } -type StorageOnDay { -""" -Stability: Long-term -""" - date: DateTime! -""" -Stability: Long-term -""" - storageBytes: Long! -""" -Stability: Long-term -""" - limit: UsageLimit! +"The schedule to run the report by." +input UpdateScheduledReportScheduleInput { + "Cron pattern describing the schedule to execute the report on." + cronExpression: String! + + "Timezone of the schedule. Examples include UTC, Europe/Copenhagen." + timeZone: String! + + "Start date of the active period of the schedule." + startDate: Long! + + "Optional end date of the active period of the schedule." + endDate: Long } -type StoredData { -""" -Stability: Long-term -""" - currentBytes: Long! -""" -Stability: Long-term -""" - limit: UsageLimit! +"Data for updating a scheduled search" +input UpdateScheduledSearch { + "Name of the view of the scheduled search." + viewName: String! + + "Id of the scheduled search." + id: String! + + "Name of the scheduled search." + name: String! + + "Description of the scheduled search." + description: String + + "LogScale query to execute." + queryString: String! + + "Start of the relative time interval for the query. Does not support values which cannot be represented in whole seconds." + queryStart: String! + + "End of the relative time interval for the query. Does not support values which cannot be represented in whole seconds." + queryEnd: String! + + "Cron pattern describing the schedule to execute the query on." + schedule: String! + + "Time zone of the schedule. Currently this field only supports UTC offsets like 'UTC', 'UTC-01' or 'UTC+12:45'." + timeZone: String! + + "User-defined limit, which caps the number of missed searches to backfill, e.g. in the event of a shutdown. If the 'queryTimestampType' is IngestTimestamp this field is not used, but due to backwards compatibility a value of 0 is returned." + backfillLimit: Int! + + "Flag indicating whether the scheduled search is enabled." + enabled: Boolean! + + "List of ids or names for actions to fire on query result. At most 10 actions can be added. Actions in packages can be referred to as \"packagescope/packagename:actionname\"." + actions: [String!]! + + "Labels attached to the scheduled search." + labels: [String!]! + + "The scheduled search will run with the permissions of the user corresponding to this id if 'queryOwnershipType' is set to User. If 'queryOwnershipType' is set to Organization, whilst 'runAsUserId' is set, this will result in an error. If not specified, the scheduled search will run with the permissions of the calling user. It requires the 'ChangeTriggersToRunAsOtherUsers' permission to set this field to a user id different from the calling user." + runAsUserId: String + + "Ownership of the query run by this scheduled search. If value is User, ownership will be based on the 'runAsUserId' field." + queryOwnershipType: QueryOwnershipType = User } -""" -Subdomain configuration for the organization -""" -type SubdomainConfig { -""" -The primary subdomain of the organization -Stability: Short-term -""" - primarySubdomain: String! -""" -The secondary subdomains of the organization -Stability: Short-term -""" - secondarySubdomains: [String!]! -""" -EnforceSubdomain, if set to true the organization can only be accessed by the subdomain, otherwise it can also be accessed directly at the cluster domain url. -Stability: Short-term -""" - enforceSubdomains: Boolean! +"Data for updating a scheduled search" +input UpdateScheduledSearchV2 { + "Name of the view of the scheduled search." + viewName: String! + + "Id of the scheduled search." + id: String! + + "Name of the scheduled search." + name: String! + + "Description of the scheduled search." + description: String + + "LogScale query to execute." + queryString: String! + + "Cron pattern describing the schedule to execute the query on." + schedule: String! + + "Time zone of the schedule. Currently this field only supports UTC offsets like 'UTC', 'UTC-01' or 'UTC+12:45'." + timeZone: String! + + "Search interval in seconds." + searchIntervalSeconds: Long! + + "Offset of the search interval in seconds. Only allowed when 'queryTimestampType' is EventTimestamp where it is mandatory." + searchIntervalOffsetSeconds: Long + + "Maximum number of seconds to wait for ingest delay and query warnings. Only allowed when 'queryTimestamp' is IngestTimestamp where it is mandatory." + maxWaitTimeSeconds: Long + + "Timestamp type to use for the query." + queryTimestampType: QueryTimestampType! + + "User-defined limit, which caps the number of missed searches to backfill, e.g. in the event of a shutdown. Only allowed when 'queryTimestampType' is EventTimestamp where it is mandatory." + backfillLimit: Int + + "Flag indicating whether the scheduled search is enabled." + enabled: Boolean! + + "List of ids or names for actions to fire on query result. At most 10 actions can be added. Actions in packages can be referred to as \"packagescope/packagename:actionname\"." + actionIdsOrNames: [String!]! + + "Labels attached to the scheduled search." + labels: [String!]! + + "The scheduled search will run with the permissions of the user corresponding to this id if 'queryOwnershipType' is set to User. If 'queryOwnershipType' is set to Organization, whilst 'runAsUserId' is set, this will result in an error. If not specified, the scheduled search will run with the permissions of the calling user. It requires the 'ChangeTriggersToRunAsOtherUsers' permission to set this field to a user id different from the calling user." + runAsUserId: String + + "Ownership of the query run by this scheduled search. If value is User, ownership will be based on the 'runAsUserId' field." + queryOwnershipType: QueryOwnershipType! } -type SuggestedAlertTypeInfo { -""" -The suggested alert type. -Stability: Short-term -""" - alertType: AlertType! -} +"Data for updating a scheduled search" +input UpdateScheduledSearchV3 { + "Name of the view of the scheduled search." + viewName: String! + + "Id of the scheduled search." + id: String! + + "Name of the scheduled search." + name: String! + + "Description of the scheduled search." + description: String + + "LogScale query to execute." + queryString: String! + + "Cron pattern describing the schedule to execute the query on." + schedule: String! + + "Time zone of the schedule. Currently this field only supports UTC offsets like 'UTC', 'UTC-01' or 'UTC+12:45'." + timeZone: String! + + "Search interval in seconds." + searchIntervalSeconds: Long! + + "Offset of the search interval in seconds. Only allowed when 'queryTimestampType' is EventTimestamp where it is mandatory." + searchIntervalOffsetSeconds: Long + + "Maximum number of seconds to wait for ingest delay and query warnings. Only allowed when 'queryTimestamp' is IngestTimestamp where it is mandatory." + maxWaitTimeSeconds: Long + + "Timestamp type to use for the query." + queryTimestampType: QueryTimestampType! + + "User-defined limit, which caps the number of missed searches to backfill, e.g. in the event of a shutdown. Only allowed when 'queryTimestampType' is EventTimestamp where it is mandatory." + backfillLimit: Int + + "Flag indicating whether the scheduled search is enabled." + enabled: Boolean! + + "Flag indicating whether the scheduled search should trigger when it finds en empty result (no events)." + triggerOnEmptyResult: Boolean! + + "List of ids or names for actions to fire on query result. At most 10 actions can be added. Actions in packages can be referred to as \"packagescope/packagename:actionname\"." + actionIdsOrNames: [String!]! + + "Labels attached to the scheduled search." + labels: [String!]! + + "The scheduled search will run with the permissions of the user corresponding to this id if 'queryOwnershipType' is set to User. If 'queryOwnershipType' is set to Organization, whilst 'runAsUserId' is set, this will result in an error. If not specified, the scheduled search will run with the permissions of the calling user. It requires the 'ChangeTriggersToRunAsOtherUsers' permission to set this field to a user id different from the calling user." + runAsUserId: String -""" -Actions a user may perform on the system. -""" -enum SystemAction { - ViewOrganizations - AdministerSystemPermissions - ChangeSubdomain - ViewSubdomain - DeleteOrganizations - AdministerOrganizations - AdministerCloud - AdministerTokens - AdministerCluster - ChangeSharedFiles + "Ownership of the query run by this scheduled search. If value is User, ownership will be based on the 'runAsUserId' field." + queryOwnershipType: QueryOwnershipType! } -""" -System permissions -""" -enum SystemPermission { - ReadHealthCheck - ViewOrganizations - ManageOrganizations - ImportOrganization - DeleteOrganizations - ChangeSystemPermissions - ManageCluster - IngestAcrossAllReposWithinCluster - DeleteHumioOwnedRepositoryOrView - ChangeUsername - ChangeFeatureFlags - ChangeSubdomains - ListSubdomains - PatchGlobal - ChangeBucketStorage - ManageOrganizationLinks +input UpdateSearchLinkInteractionInput { + path: String! + interactionId: String! + searchLinkInteractionInput: SearchLinkInteractionInput! } -""" -A tag on a datasource. -""" -type Tag { -""" -Stability: Short-term -""" - key: String! -""" -Stability: Short-term -""" - value: String! -} +"Data for updating a Slack action" +input UpdateSlackAction { + "Name of the view of the action." + viewName: String! -""" -Describes the number of groups that tag values get distributed into for a given tag. -""" -type TagGroupingRule { -""" -Stability: Short-term -""" - tagName: String! -""" -Stability: Short-term -""" - groupCount: Int! -} + "Id of the action." + id: String! -type TagInfo { -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - value: String! -} + "Name of the action." + name: String! -""" -A time interval that represents either a fixed or relative time range. -""" -type TimeInterval { -""" -Stability: Long-term -""" - start: String! -""" -Stability: Long-term -""" - end: String! -} + "Slack webhook url to send the request to." + url: String! -""" -A token. -""" -interface Token { -""" -A token. -""" - id: String! -""" -A token. -""" - name: String! -""" -A token. -""" - expireAt: Long -""" -A token. -""" - ipFilter: String -""" -A token. -""" - ipFilterV2: IPFilter -""" -A token. -""" - createdAt: Long! -} + "Fields to include within the Slack message. Can be templated with values from the result." + fields: [SlackFieldEntryInput!]! -""" -The token query result set -""" -type TokenQueryResultSet { -""" -The total number of matching results -Stability: Long-term -""" - totalResults: Int! -""" -The paginated result set -Stability: Long-term -""" - results: [Token!]! -} + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! -""" -Security policies for tokens in the organization -""" -type TokenSecurityPolicies { -""" -Whether personal user tokens are enabled -Stability: Short-term -""" - personalUserTokensEnabled: Boolean! -""" -Maximum time in ms a personal user token can be used before expiring (TTL) -Stability: Short-term -""" - personalUserTokensEnforceExpirationAfterMs: Long -""" -The IP filter that is enforced on all personal user tokens -Stability: Short-term -""" - personalUserTokensEnforceIpFilter: IPFilter -""" -Whether view permission tokens are enabled -Stability: Short-term -""" - viewPermissionTokensEnabled: Boolean! -""" -Maximum time in ms a view permission token can be used before expiring (TTL) -Stability: Short-term -""" - viewPermissionTokensEnforceExpirationAfterMs: Long -""" -The IP filter that is enforced on all view permission tokens -Stability: Short-term -""" - viewPermissionTokensEnforceIpFilter: IPFilter -""" -Whether it is allowed to change permissions on existing view permission tokens -Stability: Short-term -""" - viewPermissionTokensAllowPermissionUpdates: Boolean -""" -Whether organization permission tokens are enabled -Stability: Short-term -""" - organizationPermissionTokensEnabled: Boolean! -""" -Maximum time in ms a organization permission token can be used before expiring (TTL) -Stability: Short-term -""" - organizationPermissionTokensEnforceExpirationAfterMs: Long -""" -The IP filter that is enforced on all organization permission tokens -Stability: Short-term -""" - organizationPermissionTokensEnforceIpFilter: IPFilter -""" -Whether it is allowed to change permissions on existing organization permission tokens -Stability: Short-term -""" - organizationPermissionTokensAllowPermissionUpdates: Boolean -""" -Whether system permission tokens are enabled -Stability: Short-term -""" - systemPermissionTokensEnabled: Boolean! -""" -Maximum time in ms a system permission token can be used before expiring (TTL) -Stability: Short-term -""" - systemPermissionTokensEnforceExpirationAfterMs: Long -""" -The IP filter that is enforced on all system permission tokens -Stability: Short-term -""" - systemPermissionTokensEnforceIpFilter: IPFilter -""" -Whether it is allowed to change permissions on existing system permission tokens -Stability: Short-term -""" - systemPermissionTokensAllowPermissionUpdates: Boolean + "Labels to categorize the action." + labels: [String!] } -enum Tokens__SortBy { - ExpirationDate - Name +input UpdateSubscriptionInputObject { + subscription: Organizations__Subscription! + trialDays: Int } -enum Tokens__Type { - ViewPermissionToken - OrganizationPermissionToken - OrganizationManagementPermissionToken - SystemPermissionToken +input UpdateSystemPermissionsTokenPermissionsInput { + id: String! + permissions: [SystemPermission!]! } -""" -Trigger mode for an aggregate alert. -""" -enum TriggerMode { -""" -Wait for up to 20 minutes for a complete result before triggering. -""" - CompleteMode -""" -Trigger immediately, even on incomplete results. If nothing to trigger on, wait for up to 20 minutes for there to be a result to trigger on. -""" - ImmediateMode -} +"Data for updating an upload file action." +input UpdateUploadFileAction { + "Name of the view of the action." + viewName: String! -scalar URL + "Id of the action." + id: String! -enum UiTheme { - Auto - Dark - Light + "Name of the action." + name: String! + + "File name for the uploaded file." + fileName: String! + + "Labels to categorize the action." + labels: [String!] } -type UnlimitedUsage { -""" -Stability: Long-term -""" - unlimited: Boolean! +"Data for updating an upload file action." +input UpdateUploadFileActionV2 { + "Name of the view of the action." + viewName: RepoOrViewName! + + "Id of the action." + id: String! + + "Name of the action." + name: String! + + "File name for the uploaded file." + fileName: String! + + "Labels to categorize the action." + labels: [String!] + + "The mode for the file update." + updateMode: UpdateMode! + + "Key columns to use to update the file. This only allowed when `updateMode` is set to `update`, in which case it is mandatory. If new rows match existing rows in these columns, the existing row will be updated. If not, new rows will be appended." + keyColumns: [String!] + + "Whether to match key columns case insensitively or not. Should only be set when `updateMode` is `Update`, in which case it is mandatory." + keyColumnsIgnoreCase: Boolean } -""" -An unsaved aggregate alert. -""" -type UnsavedAggregateAlert { -""" -Name of the aggregate alert. -Stability: Long-term -""" - name: String! -""" -Description of the aggregate alert. -Stability: Long-term -""" - description: String -""" -LogScale query to execute. -Stability: Long-term -""" - queryString: String! -""" -List of actions to fire on query result. -Stability: Long-term -""" - actions: [Action!]! -""" -Labels attached to the aggregate alert. -Stability: Long-term -""" - labels: [String!]! -""" -Flag indicating whether the aggregate alert is enabled. -Stability: Long-term -""" - enabled: Boolean! -""" -Throttle time in seconds. -Stability: Long-term -""" - throttleTimeSeconds: Long! -""" -A field to throttle on. Can only be set if throttleTimeSeconds is set. -Stability: Long-term -""" - throttleField: String -""" -Timestamp type to use for a query. -Stability: Long-term -""" - queryTimestampType: QueryTimestampType! -""" -Trigger mode used for triggering the alert. -Stability: Long-term -""" - triggerMode: TriggerMode! -""" -Search interval in seconds. -Stability: Long-term -""" - searchIntervalSeconds: Long! +input UpdateUserByIdInput { + userId: String! + company: String + isRoot: Boolean + username: String + firstName: String + lastName: String + fullName: String + picture: String + email: String + countryCode: String + stateCode: String } -""" -An unsaved alert. -""" -type UnsavedAlert { -""" -Name of the alert. -Stability: Long-term -""" - name: String! -""" -Description of the alert. -Stability: Long-term -""" - description: String -""" -LogScale query to execute. -Stability: Long-term -""" - queryString: String! -""" -Start of the relative time interval for the query. -Stability: Long-term -""" - queryStart: String! -""" -Throttle time in milliseconds. -Stability: Long-term -""" - throttleTimeMillis: Long! -""" -Field to throttle on. -Stability: Long-term -""" - throttleField: String -""" -List of ids for actions to fire on query result. -Stability: Long-term -""" - actions: [Action!]! -""" -Labels attached to the alert. -Stability: Long-term -""" - labels: [String!]! -""" -Flag indicating whether the alert is enabled. -Stability: Long-term -""" - enabled: Boolean! +type UpdateUserByIdMutation { + "Stability: Long-term" + user: User! @stability(level: LongTerm) } -""" -An unsaved filter alert. -""" -type UnsavedFilterAlert { -""" -Name of the filter alert. -Stability: Long-term -""" - name: String! -""" -Description of the filter alert. -Stability: Long-term -""" - description: String -""" -LogScale query to execute. -Stability: Long-term -""" - queryString: String! -""" -List of ids for actions to fire on query result. -Stability: Long-term -""" - actions: [Action!]! -""" -Labels attached to the filter alert. -Stability: Long-term -""" - labels: [String!]! -""" -Flag indicating whether the filter alert is enabled. -Stability: Long-term -""" - enabled: Boolean! -""" -Throttle time in seconds. -Stability: Long-term -""" - throttleTimeSeconds: Long -""" -A field to throttle on. Can only be set if throttleTimeSeconds is set. -Stability: Long-term -""" - throttleField: String +type UpdateUserMutation { + "Stability: Long-term" + user: User! @stability(level: LongTerm) } -""" -The contents of a parser YAML template in structured form. The parser needs to be persisted before it can be deployed. -""" -type UnsavedParser { -""" -Name of the parser. -Stability: Long-term -""" - name: String! -""" -The description of the parser. -Stability: Long-term -""" - description: String -""" -The parser script that is executed for every incoming event. -Stability: Long-term -""" - script: String! -""" -Fields that are used as tags. -Stability: Long-term -""" - fieldsToTag: [String!]! -""" -A list of fields that will be removed from the event before it's parsed. These fields will not be included when calculating usage. -Stability: Long-term -""" - fieldsToBeRemovedBeforeParsing: [String!]! -""" -Test cases that can be used to help verify that the parser works as expected. -Stability: Long-term -""" - testCases: [ParserTestCase!]! +"Data for updating a VictorOps action." +input UpdateVictorOpsAction { + "Name of the view of the action." + viewName: String! + + "Id of the action." + id: String! + + "Name of the action." + name: String! + + "Type of the VictorOps message to make." + messageType: String! + + "VictorOps webhook url to send the request to." + notifyUrl: String! + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! + + "Labels to categorize the action." + labels: [String!] } -""" -An unsaved scheduled search. -""" -type UnsavedScheduledSearch { -""" -Name of the scheduled search. -Stability: Long-term -""" - name: String! -""" -Description of the scheduled search. -Stability: Long-term -""" - description: String -""" -LogScale query to execute. -Stability: Long-term -""" - queryString: String! -""" -Start of the relative time interval for the query. -""" - start: String! -""" -End of the relative time interval for the query. -""" - end: String! -""" -Cron pattern describing the schedule to execute the query on. -Stability: Long-term -""" - schedule: String! -""" -Time zone of the schedule. Currently this field only supports UTC offsets like 'UTC', 'UTC-01' or 'UTC+12:45'. -Stability: Long-term -""" - timeZone: String! -""" -User-defined limit, which caps the number of missed searches to backfill, e.g. in the event of a shutdown. If the 'queryTimestampType' is IngestTimestamp this field is not used, but due to backwards compatibility a value of 0 is returned. -""" - backfillLimit: Int! -""" -User-defined limit, which caps the number of missed searches to backfill, e.g. in the event of a shutdown. Only present when 'queryTimestampType' is EventTimestamp. -Stability: Long-term -""" - backfillLimitV2: Int -""" -Search interval in seconds. -Stability: Long-term -""" - searchIntervalSeconds: Long! -""" -Offset of the search interval in seconds. Only present when 'queryTimestampType' is EventTimestamp. -Stability: Long-term -""" - searchIntervalOffsetSeconds: Long -""" -Maximum number of seconds to wait for ingest delay. Only present when 'queryTimestampType' is IngestTimestamp. -Stability: Long-term -""" - maxWaitTimeSeconds: Long -""" -Timestamp type to use for the query. -Stability: Long-term -""" - queryTimestampType: QueryTimestampType! -""" -List of Ids for actions to fire on query result. -Stability: Long-term -""" - actions: [Action!]! -""" -Labels attached to the scheduled search. -Stability: Long-term -""" - labels: [String!]! -""" -Flag indicating whether the scheduled search is enabled. -Stability: Long-term -""" - enabled: Boolean! +input UpdateViewPermissionsTokenPermissionsInput { + id: String! + permissions: [Permission!]! } -scalar UnversionedPackageSpecifier +"Data for updating a webhook action" +input UpdateWebhookAction { + "Name of the view of the action." + viewName: String! + + "Id of the action." + id: String! + + "Name of the action." + name: String! + + "Url to send the http(s) request to." + url: String! -type UpdateParametersInteraction { -""" -Stability: Long-term -""" - arguments: [DictionaryEntryType!]! -""" -Stability: Long-term -""" - useWidgetTimeWindow: Boolean! + "Method to use for the request." + method: String! + + "Headers of the http(s) request." + headers: [HttpHeaderEntryInput!]! + + "Body of the http(s) request. Can be templated with values from the result." + bodyTemplate: String! + + "Flag indicating whether SSL should be ignored for the request." + ignoreSSL: Boolean! + + "Defines whether the action should use the configured HTTP proxy to send requests." + useProxy: Boolean! + + "Labels to categorize the action." + labels: [String!] } -""" -An uploaded file snapshot. -""" +input UpgradeAccountData { + lastName: String! + company: String! + email: String! + firstName: String + purpose: Purposes + phoneNumber: String + countryCode: String + stateCode: String + comment: String +} + +"An upload file action." +type UploadFileAction implements Action { + """ + File name for the uploaded file. + Stability: Long-term + """ + fileName: String! @stability(level: LongTerm) + + """ + The mode for the file update. + Stability: Long-term + """ + updateMode: UpdateMode! @stability(level: LongTerm) + + """ + Key columns to use to update the file. This only allowed when `updateMode` is set to `update`, in which case it is mandatory. If new rows match existing rows in these columns, the existing row will be updated. If not, new rows will be appended. + Stability: Long-term + """ + keyColumns: [String!] @stability(level: LongTerm) + + """ + Whether to match key columns case insensitively or not. Should only be set when `updateMode` is `Update`, in which case it is mandatory. + Stability: Long-term + """ + keyColumnsIgnoreCase: Boolean @stability(level: LongTerm) + + """ + The name of the action. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + The display name of the action. + Stability: Long-term + """ + displayName: String! @stability(level: LongTerm) + + """ + The id of the action. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + A template that can be used to recreate the action. + Stability: Long-term + """ + yamlTemplate: YAML! @stability(level: LongTerm) + + "Stability: Long-term" + packageId: VersionedPackageSpecifier @stability(level: LongTerm) + + """ + The package, if any, which the action is part of. + Stability: Long-term + """ + package: PackageInstallation @stability(level: LongTerm) + + """ + False if this type of action is disabled because of a security policy, true otherwise + Stability: Long-term + """ + isAllowedToRun: Boolean! @stability(level: LongTerm) + + """ + True if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. + Stability: Long-term + """ + requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! @stability(level: LongTerm) + + """ + Allowed asset actions + Stability: Short-term + """ + allowedActions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The resource identifier for this action. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + Metadata related to the creation of the action + Stability: Long-term + """ + createdInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Metadata related to the latest modification of the action + Stability: Long-term + """ + modifiedInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Labels to categorize the action. + Stability: Preview + """ + labels: [String!] @stability(level: Preview) +} + +"An uploaded file snapshot." type UploadedFileSnapshot { -""" -Stability: Long-term -""" - nameAndPath: FileNameAndPath! -""" -Stability: Long-term -""" - headers: [String!]! -""" -Stability: Long-term -""" - lines: [[String!]!]! -""" -Stability: Long-term -""" - totalLinesCount: Long! -""" -Stability: Long-term -""" - limit: Int! -""" -Stability: Long-term -""" - offset: Int! -""" -Stability: Long-term -""" - filterString: String -""" -The resource identifier for this file. -Stability: Short-term -""" - resource: String! + "Stability: Long-term" + nameAndPath: FileNameAndPath! @stability(level: LongTerm) + + "Stability: Long-term" + headers: [String!]! @stability(level: LongTerm) + + "Stability: Long-term" + lines: [[String!]!]! @stability(level: LongTerm) + + "Stability: Long-term" + totalLinesCount: Long! @stability(level: LongTerm) + + "Stability: Long-term" + limit: Int! @stability(level: LongTerm) + + "Stability: Long-term" + offset: Int! @stability(level: LongTerm) + + "Stability: Long-term" + filterString: String @stability(level: LongTerm) + + """ + The resource identifier for this file. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) } scalar UrlOrData -""" -Contractual usage limit. If you are above you should renegotiate your contract. -""" -union UsageLimit =UsageLimitDefined | UnlimitedUsage +"Contractual usage limit. If you are above you should renegotiate your contract." +union UsageLimit = UsageLimitDefined | UnlimitedUsage type UsageLimitDefined { -""" -Stability: Long-term -""" - limit: Long! + "Stability: Long-term" + limit: Long! @stability(level: LongTerm) } type UsageOnDay { -""" -Stability: Long-term -""" - date: DateTime! -""" -Stability: Long-term -""" - ingestBytes: Long! -""" -Stability: Long-term -""" - averageIngestBytes: Long -""" -Stability: Long-term -""" - limit: UsageLimit! + "Stability: Long-term" + date: DateTime! @stability(level: LongTerm) + + "Stability: Long-term" + ingestBytes: Long! @stability(level: LongTerm) + + "Stability: Long-term" + averageIngestBytes: Long @stability(level: LongTerm) + + "Stability: Long-term" + limit: UsageLimit! @stability(level: LongTerm) } type UsageStats { -""" -Current usage measurements and limits for ingest, storage, scanned data and users -Stability: Long-term -""" - currentStats( - queryId: String - ): CurrentUsageQueryResult! -""" -Stability: Long-term -""" - monthlyIngest( - month: Int! - year: Int! - queryId: String - ): MonthlyIngestQueryResult! -""" -Stability: Long-term -""" - monthlyStoredData( - month: Int! - year: Int! - queryId: String - ): MonthlyStorageQueryResult! -""" -Stability: Long-term -""" - firstUsageTimeStamp: Long! -""" -Stability: Long-term -""" - repositoriesIngest( - month: Int! - year: Int! - day: Int -""" -Filter results based on this string -""" - searchFilter: String -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int -""" -Choose the order in which the results are returned. -""" - orderBy: OrderBy - sortBy: RepositoriesUsageQuerySortBy! - queryId: String - ): RepositoriesUsageQueryResultTypes! -""" -Stability: Long-term -""" - repositoriesStorage( - month: Int! - year: Int! - day: Int -""" -Filter results based on this string -""" - searchFilter: String -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int -""" -Choose the order in which the results are returned. -""" - orderBy: OrderBy - sortBy: RepositoriesUsageQuerySortBy! - queryId: String - ): RepositoriesUsageQueryResultTypes! + """ + Current usage measurements and limits for ingest, storage, scanned data and users + Stability: Long-term + """ + currentStats(queryId: String): CurrentUsageQueryResult! @stability(level: LongTerm) + + "Stability: Long-term" + monthlyIngest(month: Int!, year: Int!, queryId: String): MonthlyIngestQueryResult! @stability(level: LongTerm) + + "Stability: Long-term" + monthlyStoredData(month: Int!, year: Int!, queryId: String): MonthlyStorageQueryResult! @stability(level: LongTerm) + + "Stability: Long-term" + firstUsageTimeStamp: Long! @stability(level: LongTerm) + + "Stability: Long-term" + repositoriesIngest(month: Int!, year: Int!, day: Int, + + "Filter results based on this string" + searchFilter: String, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50, + + "Choose the order in which the results are returned." + orderBy: OrderBy = ASC, sortBy: RepositoriesUsageQuerySortBy! = Name, queryId: String): RepositoriesUsageQueryResultTypes! @stability(level: LongTerm) + + "Stability: Long-term" + repositoriesStorage(month: Int!, year: Int!, day: Int, + + "Filter results based on this string" + searchFilter: String, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50, + + "Choose the order in which the results are returned." + orderBy: OrderBy = ASC, sortBy: RepositoriesUsageQuerySortBy! = Name, queryId: String): RepositoriesUsageQueryResultTypes! @stability(level: LongTerm) } -""" -A user profile. -""" +"A user profile." type User { -""" -Stability: Long-term -""" - id: String! -""" -fullName if present, otherwise username. -Stability: Long-term -""" - displayName: String! -""" -Stability: Long-term -""" - username: String! -""" -Stability: Long-term -""" - isRoot: Boolean! -""" -Stability: Long-term -""" - isOrgRoot: Boolean! -""" -Stability: Long-term -""" - fullName: String -""" -Stability: Long-term -""" - firstName: String -""" -Stability: Long-term -""" - lastName: String -""" -Stability: Long-term -""" - phoneNumber: String -""" -Stability: Long-term -""" - email: String -""" -Stability: Long-term -""" - picture: String -""" -Stability: Long-term -""" - createdAt: DateTime! -""" -Stability: Long-term -""" - countryCode: String -""" -Stability: Long-term -""" - stateCode: String -""" -Stability: Long-term -""" - company: String -""" -Stability: Long-term -""" - userOrGroupSearchDomainRoles( - search: String -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int - ): UserOrGroupSearchDomainRoleResultSet! -""" -Stability: Long-term -""" - groupSearchDomainRoles: [GroupSearchDomainRole!]! -""" -Stability: Long-term -""" - searchDomainRoles( - searchDomainId: String - ): [SearchDomainRole!]! - searchDomainRolesByName( - searchDomainName: String! - ): SearchDomainRole -""" -Stability: Long-term -""" - searchDomainRolesBySearchDomainName( - searchDomainName: String! - ): [SearchDomainRole!]! -""" -Get allowed asset actions for the user on a specific asset and explain how these actions have been granted -Stability: Preview -""" - allowedAssetActionsBySource( -""" -Id of the asset -""" - assetId: String! -""" -The type of the asset. -""" - assetType: AssetPermissionsAssetType! -""" -Search domain id -""" - searchDomainId: String - ): [AssetActionsBySource!]! -""" -Search for asset permissions for the user. Only search for asset name is supported with regards to the ${SearchFilterArg.name} argument. -Stability: Preview -""" - searchAssetPermissions( -""" -Filter results based on this string -""" - searchFilter: String -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int -""" -Choose the order in which the results are returned. -""" - orderBy: OrderBy -""" -The sort by options for assets. Asset name is default -""" - sortBy: SortBy -""" -List of asset types -""" - assetTypes: [AssetPermissionsAssetType!] -""" -List of search domain id's to search within. Null or empty list is interpreted as all search domains -""" - searchDomainIds: [String!] -""" -Include Read, Update and/or Delete permission assignments. The filter will accept all assets if the argument Null or the empty list. -""" - permissions: [AssetAction!] - ): AssetPermissionSearchResultSet! -""" -The roles assigned to the user through a group. -Stability: Preview -""" - rolesV2( - search: String - typeFilter: [PermissionType!] -""" -The amount of results to return. -""" - limit: Int -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int - searchInGroups: Boolean - ): RolesResultSetType! -""" -The groups the user is a member of. -Stability: Preview -""" - groupsV2( - search: String - typeFilter: [PermissionType!] -""" -The amount of results to return. -""" - limit: Int -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int - searchInRoles: Boolean - ): GroupResultSetType! -""" -The groups the user is a member of. -Stability: Long-term -""" - groups: [Group!]! -""" -Permissions of the user. -Stability: Long-term -""" - permissions( -""" -Exact name of the repo to find permissions for. -""" - viewName: String - ): [UserPermissions!]! -""" -A page of user permissions. -""" - permissionsPage( - search: String - pageNumber: Int! - pageSize: Int! - ): UserPermissionsPage! -""" -Returns the actions the user is allowed to perform in the system. -Stability: Long-term -""" - allowedSystemActions: [SystemAction!]! -""" -Returns the actions the user is allowed to perform in the organization. -Stability: Long-term -""" - allowedOrganizationActions: [OrganizationAction!]! -} + "Stability: Long-term" + id: String! @stability(level: LongTerm) -type UserAndTimestamp { -""" -Stability: Long-term -""" - username: String! -""" -Stability: Long-term -""" - user: User -""" -Stability: Long-term -""" - timestamp: DateTime! -} + """ + fullName if present, otherwise username. + Stability: Long-term + """ + displayName: String! @stability(level: LongTerm) -""" -A user or a group -""" -union UserOrGroup =Group | User + "Stability: Long-term" + username: String! @stability(level: LongTerm) -""" -An asset permission search result set -""" -type UserOrGroupAssetPermissionSearchResultSet { -""" -The total number of matching results -Stability: Preview -""" - totalResults: Int! -""" -The paginated result set -Stability: Preview -""" - results: [UserOrGroupTypeAndPermissions!]! -} + "Stability: Long-term" + isRoot: Boolean! @stability(level: LongTerm) -""" -A user or a group role -""" -union UserOrGroupSearchDomainRole =GroupSearchDomainRole | SearchDomainRole + "Stability: Long-term" + isOrgRoot: Boolean! @stability(level: LongTerm) -""" -A page of users or group roles. -""" -type UserOrGroupSearchDomainRoleResultSet { -""" -The total number of matching results -Stability: Long-term -""" - totalResults: Int! -""" -Stability: Long-term -""" - results: [UserOrGroupSearchDomainRole!]! -""" -Stability: Long-term -""" - totalSearchDomains: Int! -} + "Stability: Long-term" + fullName: String @stability(level: LongTerm) -""" -User or groups and its asset permissions -""" -type UserOrGroupTypeAndPermissions { -""" -Stability: Preview -""" - userOrGroup: UserOrGroup! -""" -Stability: Preview -""" - assetPermissions: [AssetAction!]! -""" -The type of the Asset -Stability: Preview -""" - assetType: AssetPermissionsAssetType! -} + "Stability: Long-term" + firstName: String @stability(level: LongTerm) + + "Stability: Long-term" + lastName: String @stability(level: LongTerm) + + "Stability: Long-term" + phoneNumber: String @stability(level: LongTerm) + + "Stability: Long-term" + email: String @stability(level: LongTerm) + + "Stability: Long-term" + picture: String @stability(level: LongTerm) + + "Stability: Long-term" + createdAt: DateTime! @stability(level: LongTerm) + + "Stability: Long-term" + countryCode: String @stability(level: LongTerm) + + "Stability: Long-term" + stateCode: String @stability(level: LongTerm) + + "Stability: Long-term" + company: String @stability(level: LongTerm) + + """ + Readable username for when user stems from Falcon + Stability: Long-term + """ + externalUsername: String @stability(level: LongTerm) + + "Stability: Long-term" + userOrGroupSearchDomainRoles(search: String, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50): UserOrGroupSearchDomainRoleResultSet! @stability(level: LongTerm) + + "Stability: Long-term" + groupSearchDomainRoles: [GroupSearchDomainRole!]! @stability(level: LongTerm) + + "Stability: Long-term" + searchDomainRoles(searchDomainId: String): [SearchDomainRole!]! @stability(level: LongTerm) + searchDomainRolesByName(searchDomainName: String!): SearchDomainRole @deprecated(reason: "[DEPRECATED: When multiple roles per view is enabled, this field will only return the first of possibly multiple roles matching the name for the view. Use 'Use \"searchDomainRoles\" or \"searchDomainRolesBySearchDomainName\" fields instead' instead. Will be removed at the earliest in version 1.195]") + + "Stability: Long-term" + searchDomainRolesBySearchDomainName(searchDomainName: String!): [SearchDomainRole!]! @stability(level: LongTerm) + + """ + Get allowed asset actions for the user on a specific asset and explain how these actions have been granted + Stability: Short-term + """ + allowedAssetActionsBySource( + "Id of the asset" + assetId: String!, + + "The type of the asset." + assetType: AssetPermissionsAssetType!, + + "Search domain id" + searchDomainId: String): [AssetActionsBySource!]! @stability(level: ShortTerm) + + """ + Search for asset permissions for the user. Only search for asset name is supported with regards to the ${SearchFilterArg.name} argument. + Stability: Short-term + """ + searchAssetPermissions( + "Filter results based on this string" + searchFilter: String, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50, + + "Choose the order in which the results are returned." + orderBy: OrderBy = ASC, + + "The sort by options for assets. Asset name is default" + sortBy: SortBy, + + "List of asset types" + assetTypes: [AssetPermissionsAssetType!], + + "List of search domain id's to search within. Null or empty list is interpreted as all search domains" + searchDomainIds: [String!], + + "Include Read, Update and/or Delete permission assignments. The filter will accept all assets if the argument Null or the empty list." + permissions: [AssetAction!]): AssetPermissionSearchResultSet! @stability(level: ShortTerm) + + """ + The roles assigned to the user through a group. + Stability: Short-term + """ + rolesV2(search: String, typeFilter: [PermissionType!], + + "The amount of results to return." + limit: Int = 50, -""" -Permissions of the user. -""" -type UserPermissions { -""" -Stability: Short-term -""" - searchDomain: SearchDomain! -""" -Stability: Short-term -""" - queryPrefix: String! -""" -Stability: Short-term -""" - viewPermissions: [Permission!]! -} + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, searchInGroups: Boolean): RolesResultSetType! @stability(level: ShortTerm) -""" -A page of user permissions. -""" -type UserPermissionsPage { -""" -Stability: Short-term -""" - pageInfo: PageType! -""" -Stability: Short-term -""" - page: [UserPermissions!]! + """ + The groups the user is a member of. + Stability: Short-term + """ + groupsV2(search: String, typeFilter: [PermissionType!], + + "The amount of results to return." + limit: Int = 50, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, searchInRoles: Boolean): GroupResultSetType! @stability(level: ShortTerm) + + """ + The groups the user is a member of. + Stability: Long-term + """ + groups: [Group!]! @stability(level: LongTerm) + + """ + Permissions of the user. + Stability: Long-term + """ + permissions( + "Exact name of the repo to find permissions for." + viewName: String): [UserPermissions!]! @stability(level: LongTerm) + + "A page of user permissions." + permissionsPage(search: String, pageNumber: Int!, pageSize: Int!): UserPermissionsPage! @deprecated(reason: "[DEPRECATED: Field is no longer used. Will be removed at the earliest in version 1.208]") + + """ + Returns the actions the user is allowed to perform in the system. + Stability: Long-term + """ + allowedSystemActions: [SystemAction!]! @stability(level: LongTerm) + + """ + Returns the actions the user is allowed to perform in the organization. + Stability: Long-term + """ + allowedOrganizationActions: [OrganizationAction!]! @stability(level: LongTerm) } -""" -The users query result set. -""" -type UserResultSetType { -""" -The total number of matching results -Stability: Long-term -""" - totalResults: Int! -""" -The paginated result set -Stability: Long-term -""" - results: [User!]! +type UserAndTimestamp { + "Stability: Long-term" + username: String! @stability(level: LongTerm) + + "Stability: Long-term" + user: User @stability(level: LongTerm) + + "Stability: Long-term" + timestamp: DateTime! @stability(level: LongTerm) } -type UserSettings { -""" -Stability: Long-term -""" - uiTheme: UiTheme! -""" -Stability: Long-term -""" - starredDashboards: [String!]! -""" -Stability: Long-term -""" - starredSearchDomains: [String!]! - starredAlerts: [String!]! -""" -Stability: Preview -""" - featureAnnouncementsToShow: [FeatureAnnouncement!]! -""" -Stability: Long-term -""" - isQuickStartCompleted: Boolean! -""" -Default timezone preference -Stability: Long-term -""" - defaultTimeZone: String -""" -Stability: Preview -""" - isAutomaticHighlightingEnabled: Boolean! -""" -Stability: Short-term -""" - isCommunityMessageDismissed: Boolean! -""" -Stability: Short-term -""" - isGettingStartedMessageDismissed: Boolean! -""" -Stability: Short-term -""" - isWelcomeMessageDismissed: Boolean! -""" -Stability: Short-term -""" - isEventListOrderedWithNewestAtBottom: Boolean! -""" -Stability: Short-term -""" - isPackageDocsMessageDismissed: Boolean! -""" -Stability: Short-term -""" - isFieldPanelOpenByDefault: Boolean! -""" -Stability: Short-term -""" - isAutomaticSearchEnabled: Boolean! -""" -Stability: Short-term -""" - isDarkModeMessageDismissed: Boolean! +"Asset actions given by direct user assignments for a specific asset" +type UserAssetActionsBySource implements AssetActionsBySource { + "Stability: Short-term" + user: User! @stability(level: ShortTerm) + + """ + Asset actions granted because user is root. + Stability: Short-term + """ + assetActionsGrantedBecauseUserIsRoot: [AssetAction!]! @stability(level: ShortTerm) + + """ + List of roles assigned to the user or group and the asset actions they allow + Stability: Short-term + """ + assetActionsByRoles: [AssetActionsByRole!]! @stability(level: ShortTerm) + + """ + Asset permissions assigned directly to the user or group + Stability: Short-term + """ + directlyAssigned: DirectlyAssignedAssetPermissions! @stability(level: ShortTerm) } -""" -A paginated set of users -""" -type Users { -""" -The total number of users -Stability: Long-term -""" - totalUsers: Int! -""" -The paginated set of users -Stability: Long-term -""" - users: [User!]! +type UserCommitAuthor implements AssetCommitAuthor { + """ + User who committed the asset. If null, the user has been deleted. + Stability: Long-term + """ + user: User @stability(level: LongTerm) + + """ + A common string representation of an author + Stability: Long-term + """ + displayString: String! @stability(level: LongTerm) } -""" -A page of users and groups. -""" -type UsersAndGroupsSearchResultSet { -""" -The total number of matching results -Stability: Long-term -""" - totalResults: Int! -""" -Stability: Long-term -""" - results: [UserOrGroup!]! +input UserDefaultSettingsInput { + defaultTimeZone: String } -type UsersLimit { -""" -Stability: Long-term -""" - currentBytes: Int! -""" -Stability: Long-term -""" - limit: UsageLimit! +"A user or a group" +union UserOrGroup = Group | User + +"An asset permission search result set" +type UserOrGroupAssetPermissionSearchResultSet { + """ + The total number of matching results + Stability: Short-term + """ + totalResults: Int! @stability(level: ShortTerm) + + """ + The paginated result set + Stability: Short-term + """ + results: [UserOrGroupTypeAndPermissions!]! @stability(level: ShortTerm) } -""" -A page of users. -""" -type UsersPage { -""" -Stability: Long-term -""" - pageInfo: PageType! -""" -Stability: Long-term -""" - page: [User!]! +"A user or a group role" +union UserOrGroupSearchDomainRole = GroupSearchDomainRole | SearchDomainRole + +"A page of users or group roles." +type UserOrGroupSearchDomainRoleResultSet { + """ + The total number of matching results + Stability: Long-term + """ + totalResults: Int! @stability(level: LongTerm) + + "Stability: Long-term" + results: [UserOrGroupSearchDomainRole!]! @stability(level: LongTerm) + + "Stability: Long-term" + totalSearchDomains: Int! @stability(level: LongTerm) } -scalar VersionedPackageSpecifier +"User or groups and its asset permissions" +type UserOrGroupTypeAndPermissions { + "Stability: Short-term" + userOrGroup: UserOrGroup! @stability(level: ShortTerm) -""" -Represents information about a view, pulling data from one or several repositories. -""" -type View implements SearchDomain{ -""" -Stability: Long-term -""" - connections: [ViewConnection!]! -""" -Stability: Short-term -""" - crossOrgConnections: [CrossOrgViewConnection!]! -""" -Cluster connections. -Stability: Short-term -""" - clusterConnections: [ClusterConnection!]! -""" -A specific connection. -Stability: Short-term -""" - clusterConnection( -""" -The id of the connection to get. -""" - id: String! - ): ClusterConnection! -""" -Check all this search domain's cluster connections. -Stability: Short-term -""" - checkClusterConnections: [ClusterConnectionStatus!]! -""" -True if the view is federated, false otherwise. -Stability: Preview -""" - isFederated: Boolean! -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - name: RepoOrViewName! -""" -Stability: Long-term -""" - description: String -""" -The point in time the search domain was marked for deletion. -Stability: Long-term -""" - deletedDate: Long -""" -The point in time the search domain will not be restorable anymore. -Stability: Long-term -""" - permanentlyDeletedAt: Long -""" -Stability: Long-term -""" - isStarred: Boolean! -""" -Search limit in milliseconds, which searches should are limited to. -Stability: Long-term -""" - searchLimitedMs: Long -""" -Repositories not part of the search limitation. -Stability: Long-term -""" - reposExcludedInSearchLimit: [String!]! -""" -Returns a specific version of a package given a package version. -Stability: Long-term -""" - packageV2( -""" -The package id of the package to get. -""" - packageId: VersionedPackageSpecifier! - ): Package2! -""" -The available versions of a package. -Stability: Long-term -""" - packageVersions( - packageId: UnversionedPackageSpecifier! - ): [RegistryPackageVersionInfo!]! -""" -Returns a list of available packages that can be installed. -Stability: Long-term -""" - availablePackages( -""" -Filter input to limit the returned packages -""" - filter: String -""" -Packages with any of these tags will be included. No filtering on tags. -""" - tags: [PackageTag!] -""" -Packages with any of these categories will be included. -""" - categories: [String!] - ): [PackageRegistrySearchResultItem!]! -""" -List packages installed on a specific view or repo. -Stability: Long-term -""" - installedPackages: [PackageInstallation!]! -""" -Stability: Long-term -""" - hasPackageInstalled( - packageId: VersionedPackageSpecifier! - ): Boolean! -""" -Users who have access. -Stability: Long-term -""" - users: [User!]! -""" -Users or groups who has access. -Stability: Long-term -""" - usersAndGroups( - search: String -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int - ): UsersAndGroupsSearchResultSet! -""" -Search users with a given permission -Stability: Preview -""" - usersV2( -""" -Search for a user whose email or name matches this search string -""" - search: String -""" -Permission that the users must have on the search domain. Leave out to get users with any permission on the view -""" - permissionFilter: Permission -""" -The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1) -""" - skip: Int -""" -The amount of results to return. -""" - limit: Int - ): Users! -""" -Groups with assigned roles. -Stability: Long-term -""" - groups: [Group!]! -""" -Stability: Long-term -""" - starredFields: [String!]! -""" -Stability: Long-term -""" - recentQueriesV2: [RecentQuery!]! -""" -Stability: Long-term -""" - automaticSearch: Boolean! -""" -Check if the current user is allowed to perform the given action on the view. -Stability: Long-term -""" - isActionAllowed( -""" -The action to check if a user is allowed to perform on a view. -""" - action: ViewAction! - ): Boolean! -""" -Returns the all actions the user is allowed to perform on the view. -Stability: Long-term -""" - allowedViewActions: [ViewAction!]! -""" -The query prefix prepended to each search in this domain. -Stability: Long-term -""" - viewerQueryPrefix: String! -""" -All tags from all datasources. -Stability: Long-term -""" - tags: [String!]! -""" -The resource identifier for this search domain. -Stability: Short-term -""" - resource: String! -""" -All interactions defined on the view. -Stability: Long-term -""" - interactions: [ViewInteraction!]! -""" -A saved alert -Stability: Long-term -""" - alert( - id: String! - ): Alert! -""" -Saved alerts. -Stability: Long-term -""" - alerts: [Alert!]! -""" -A saved dashboard. -Stability: Long-term -""" - dashboard( - id: String! - ): Dashboard! -""" -All dashboards available on the view. -Stability: Long-term -""" - dashboards: [Dashboard!]! -""" -A saved filter alert -Stability: Long-term -""" - filterAlert( - id: String! - ): FilterAlert! -""" -Saved filter alerts. -Stability: Long-term -""" - filterAlerts: [FilterAlert!]! -""" -A saved aggregate alert -Stability: Long-term -""" - aggregateAlert( - id: String! - ): AggregateAlert! -""" -Saved aggregate alerts. -Stability: Long-term -""" - aggregateAlerts: [AggregateAlert!]! -""" -A saved scheduled search. -Stability: Long-term -""" - scheduledSearch( -""" -The id of the scheduled search to get. -""" - id: String! - ): ScheduledSearch! -""" -Saved scheduled searches. -Stability: Long-term -""" - scheduledSearches: [ScheduledSearch!]! -""" -A saved action. -Stability: Long-term -""" - action( -""" -The id of the action to get. -""" - id: String! - ): Action! -""" -A list of saved actions. -Stability: Long-term -""" - actions( -""" -The result will only include actions with the specified ids. Omit to find all actions. -""" - actionIds: [String!] - ): [Action!]! -""" -A saved query. -Stability: Long-term -""" - savedQuery( - id: String! - ): SavedQuery! -""" -Saved queries. -Stability: Long-term -""" - savedQueries: [SavedQuery!]! -""" -Stability: Long-term -""" - defaultQuery: SavedQuery -""" -Stability: Long-term -""" - files: [File!]! -""" -Stability: Long-term -""" - fileFieldSearch( -""" -Name of the csv or json file to retrieve the field entries from. -""" - fileName: String! -""" -Name of the field in the file to return entries from. -""" - fieldName: String! -""" -Text to filter values by prefix on. -""" - prefixFilter: String -""" -The exact values that given fields should have for an entry to be part of the result. -""" - valueFilters: [FileFieldFilterType!]! -""" -Names of the fields to include in the result. -""" - fieldsToInclude: [String!]! -""" -Maximum number of values to retrieve from the file. -""" - maxEntries: Int! - ): [[DictionaryEntryType!]!]! -""" -Saved scheduled reports. -Stability: Long-term -""" - scheduledReports: [ScheduledReport!]! -""" -Saved scheduled report. -Stability: Long-term -""" - scheduledReport( -""" -The id of the scheduled report to get. -""" - id: String! - ): ScheduledReport + "Stability: Short-term" + assetPermissions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The type of the Asset + Stability: Short-term + """ + assetType: AssetPermissionsAssetType! @stability(level: ShortTerm) +} + +"Query running with user based ownership" +type UserOwnership implements QueryOwnership { + """ + User owning and running the query. If null, then the user doesn't exist anymore. + Stability: Long-term + """ + user: User @stability(level: LongTerm) + + """ + Id of user owning and running the query + Stability: Long-term + """ + id: String! @stability(level: LongTerm) } -""" -Actions a user may perform on a view. -""" -enum ViewAction { - ChangeConnections - ChangeUserAccess -""" -Denotes if you can administer alerts, scheduled searches and actions -""" - ChangeTriggersAndActions -""" -Denotes if you can administer alerts and scheduled searches -""" - ChangeTriggers - CreateTriggers -""" -Denotes if you can administer actions -""" - ChangeActions - CreateActions - ChangeInteractions - ChangeViewOrRepositoryDescription - ChangeDashboards - CreateDashboards - ChangeDashboardReadonlyToken - ChangeFdrFeeds - ChangeDataspaceKind - ChangeFdrFeedControls - ReadFdrFeeds - ChangeIngestFeeds - ChangeFiles - CreateFiles - ChangeParsers - DeleteParsers - ChangeSavedQueries - CreateSavedQueries - ConnectView - ConnectMultiClusterView - ChangeDataDeletionPermissions - ChangeRetention - ChangeTimeBasedRetention - ChangeSizeBasedRetention - ChangeDefaultSearchSettings - ChangeS3ArchivingSettings - DeleteDataSources - DeleteRepositoryOrView - DeleteEvents -""" -Denotes if you can see log events -""" - ReadEvents - ChangeIngestTokens - ChangePackages -""" -Denotes if you can administer event forwarding rules -""" - EventForwarding - ChangeIngestListeners - ChangePermissionTokens - ChangeIngestBlocking - ChangeFieldsToBeRemovedBeforeParsing - ExportQueryResults - ChangeOrganizationOwnedQueries - ReadExternalFunctions - ChangeScheduledReports - CreateScheduledReports - GenerateParsers - SaveSearchResultAsWidget - TestActions +"Permissions of the user." +type UserPermissions { + "Stability: Short-term" + searchDomain: SearchDomain! @stability(level: ShortTerm) + + "Stability: Short-term" + queryPrefix: String! @stability(level: ShortTerm) + + "Stability: Short-term" + viewPermissions: [Permission!]! @stability(level: ShortTerm) } -""" -Represents the connection between a view and an underlying repository. -""" +"A page of user permissions." +type UserPermissionsPage { + "Stability: Short-term" + pageInfo: PageType! @stability(level: ShortTerm) + + "Stability: Short-term" + page: [UserPermissions!]! @stability(level: ShortTerm) +} + +"The users query result set." +type UserResultSetType { + """ + The total number of matching results + Stability: Long-term + """ + totalResults: Int! @stability(level: LongTerm) + + """ + The paginated result set + Stability: Long-term + """ + results: [User!]! @stability(level: LongTerm) +} + +input UserRoleAssignment { + userId: String! + roleId: String! +} + +input UserRoleAssignmentInput { + userId: String! + roleIds: [String!]! +} + +type UserSettings { + "Stability: Long-term" + uiTheme: UiTheme! @stability(level: LongTerm) + + "Stability: Long-term" + starredDashboards: [String!]! @stability(level: LongTerm) + + "Stability: Long-term" + starredSearchDomains: [String!]! @stability(level: LongTerm) + + "Stability: Preview" + featureAnnouncementsToShow: [FeatureAnnouncement!]! @stability(level: Preview) + + "Stability: Long-term" + isQuickStartCompleted: Boolean! @stability(level: LongTerm) + + """ + Default timezone preference + Stability: Long-term + """ + defaultTimeZone: String @stability(level: LongTerm) + + "Stability: Preview" + isAutomaticHighlightingEnabled: Boolean! @stability(level: Preview) + + "Stability: Short-term" + isCommunityMessageDismissed: Boolean! @stability(level: ShortTerm) + + "Stability: Short-term" + isGettingStartedMessageDismissed: Boolean! @stability(level: ShortTerm) + + "Stability: Short-term" + isWelcomeMessageDismissed: Boolean! @stability(level: ShortTerm) + + "Stability: Short-term" + isEventListOrderedWithNewestAtBottom: Boolean! @stability(level: ShortTerm) + isPackageDocsMessageDismissed: Boolean! @deprecated(reason: "[DEPRECATED: This has no effect and is no longer used internally. Will be removed at the earliest in version 1.225]") + isDarkModeMessageDismissed: Boolean! @deprecated(reason: "[DEPRECATED: This has no effect and is no longer used internally. Will be removed at the earliest in version 1.225]") + + "Stability: Short-term" + isFieldPanelOpenByDefault: Boolean! @stability(level: ShortTerm) + + "Stability: Short-term" + isAutomaticSearchEnabled: Boolean! @stability(level: ShortTerm) +} + +"Username and password authentication. The underlying authentication mechanism is configured by the server, e.g. LDAP." +type UsernameAndPasswordAuthentication implements AuthenticationMethod { + "Stability: Long-term" + name: String! @stability(level: LongTerm) +} + +"A paginated set of users" +type Users { + """ + The total number of users + Stability: Long-term + """ + totalUsers: Int! @stability(level: LongTerm) + + """ + The paginated set of users + Stability: Long-term + """ + users: [User!]! @stability(level: LongTerm) +} + +"A page of users and groups." +type UsersAndGroupsSearchResultSet { + """ + The total number of matching results + Stability: Long-term + """ + totalResults: Int! @stability(level: LongTerm) + + "Stability: Long-term" + results: [UserOrGroup!]! @stability(level: LongTerm) +} + +type UsersLimit { + "Stability: Long-term" + currentBytes: Int! @stability(level: LongTerm) + + "Stability: Long-term" + limit: UsageLimit! @stability(level: LongTerm) +} + +"A page of users." +type UsersPage { + "Stability: Long-term" + pageInfo: PageType! @stability(level: LongTerm) + + "Stability: Long-term" + page: [User!]! @stability(level: LongTerm) +} + +input UtmParams { + campaign: String! + content: String! + medium: String! + source: String! + term: String! +} + +scalar VersionedPackageSpecifier + +"A VictorOps action." +type VictorOpsAction implements Action { + """ + Type of the VictorOps message to make. + Stability: Long-term + """ + messageType: String! @stability(level: LongTerm) + + """ + VictorOps webhook url to send the request to. + Stability: Long-term + """ + notifyUrl: String! @stability(level: LongTerm) + + """ + Defines whether the action should use the configured HTTP proxy to send requests. + Stability: Long-term + """ + useProxy: Boolean! @stability(level: LongTerm) + + """ + The name of the action. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + The display name of the action. + Stability: Long-term + """ + displayName: String! @stability(level: LongTerm) + + """ + The id of the action. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + A template that can be used to recreate the action. + Stability: Long-term + """ + yamlTemplate: YAML! @stability(level: LongTerm) + + "Stability: Long-term" + packageId: VersionedPackageSpecifier @stability(level: LongTerm) + + """ + The package, if any, which the action is part of. + Stability: Long-term + """ + package: PackageInstallation @stability(level: LongTerm) + + """ + False if this type of action is disabled because of a security policy, true otherwise + Stability: Long-term + """ + isAllowedToRun: Boolean! @stability(level: LongTerm) + + """ + True if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. + Stability: Long-term + """ + requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! @stability(level: LongTerm) + + """ + Allowed asset actions + Stability: Short-term + """ + allowedActions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The resource identifier for this action. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + Metadata related to the creation of the action + Stability: Long-term + """ + createdInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Metadata related to the latest modification of the action + Stability: Long-term + """ + modifiedInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Labels to categorize the action. + Stability: Preview + """ + labels: [String!] @stability(level: Preview) +} + +"Represents information about a view, pulling data from one or several repositories." +type View implements SearchDomain { + "Stability: Long-term" + connections: [ViewConnection!]! @stability(level: LongTerm) + + "Stability: Short-term" + crossOrgConnections: [CrossOrgViewConnection!]! @stability(level: ShortTerm) + + """ + Cluster connections. + Stability: Short-term + """ + clusterConnections: [ClusterConnection!]! @stability(level: ShortTerm) + + """ + A specific connection. + Stability: Short-term + """ + clusterConnection( + "The id of the connection to get." + id: String!): ClusterConnection! @stability(level: ShortTerm) + + """ + Check all this search domain's cluster connections. + Stability: Short-term + """ + checkClusterConnections: [ClusterConnectionStatus!]! @stability(level: ShortTerm) + + """ + True if the view is federated, false otherwise. + Stability: Preview + """ + isFederated: Boolean! @stability(level: Preview) + + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + name: RepoOrViewName! @stability(level: LongTerm) + + "Stability: Long-term" + description: String @stability(level: LongTerm) + + """ + The point in time the search domain was marked for deletion. + Stability: Long-term + """ + deletedDate: Long @stability(level: LongTerm) + + """ + The point in time the search domain will not be restorable anymore. + Stability: Long-term + """ + permanentlyDeletedAt: Long @stability(level: LongTerm) + + "Stability: Long-term" + isStarred: Boolean! @stability(level: LongTerm) + + """ + Search limit in milliseconds, which searches should are limited to. + Stability: Long-term + """ + searchLimitedMs: Long @stability(level: LongTerm) + + """ + Repositories not part of the search limitation. + Stability: Long-term + """ + reposExcludedInSearchLimit: [String!]! @stability(level: LongTerm) + + """ + Returns a specific version of a package given a package version. + Stability: Long-term + """ + packageV2( + "The package id of the package to get." + packageId: VersionedPackageSpecifier!): Package2! @stability(level: LongTerm) + + """ + The available versions of a package. + Stability: Long-term + """ + packageVersions(packageId: UnversionedPackageSpecifier!): [RegistryPackageVersionInfo!]! @stability(level: LongTerm) + + """ + Returns a list of available packages that can be installed. + Stability: Long-term + """ + availablePackages( + "Filter input to limit the returned packages" + filter: String, + + "Packages with any of these tags will be included. No filtering on tags." + tags: [PackageTag!], + + "Packages with any of these categories will be included." + categories: [String!]): [PackageRegistrySearchResultItem!]! @stability(level: LongTerm) + + """ + List packages installed on a specific view or repo. + Stability: Long-term + """ + installedPackages: [PackageInstallation!]! @stability(level: LongTerm) + + "Stability: Long-term" + hasPackageInstalled(packageId: VersionedPackageSpecifier!): Boolean! @stability(level: LongTerm) + + """ + Users who have access. + Stability: Long-term + """ + users: [User!]! @stability(level: LongTerm) + + """ + Users or groups who has access. + Stability: Long-term + """ + usersAndGroups(search: String, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50): UsersAndGroupsSearchResultSet! @stability(level: LongTerm) + + """ + Search users with a given permission + Stability: Short-term + """ + usersV2( + "Search for a user whose email or name matches this search string" + search: String, + + "Permission that the users must have on the search domain. Leave out to get users with any permission on the view" + permissionFilter: Permission, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50): Users! @stability(level: ShortTerm) + + """ + Groups with assigned roles. + Stability: Long-term + """ + groups: [Group!]! @stability(level: LongTerm) + + "Stability: Long-term" + starredFields: [String!]! @stability(level: LongTerm) + + "Stability: Long-term" + recentQueriesV2: [RecentQuery!]! @stability(level: LongTerm) + + "Stability: Long-term" + automaticSearch: Boolean! @stability(level: LongTerm) + + """ + Check if the current user is allowed to perform the given action on the view. + Stability: Long-term + """ + isActionAllowed( + "The action to check if a user is allowed to perform on a view." + action: ViewAction!): Boolean! @stability(level: LongTerm) + + """ + Returns the all actions the user is allowed to perform on the view. + Stability: Long-term + """ + allowedViewActions: [ViewAction!]! @stability(level: LongTerm) + + """ + The query prefix prepended to each search in this domain. + Stability: Long-term + """ + viewerQueryPrefix: String! @stability(level: LongTerm) + + """ + All tags from all datasources. + Stability: Long-term + """ + tags: [String!]! @stability(level: LongTerm) + + """ + The resource identifier for this search domain. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + The redirected query asset lookup view used for asset resolution when set. Assets like saved queries and lookup files will be resolved from this view instead of the current view. + Stability: Preview + """ + redirectQueryAssetLookupTo: SearchDomain @stability(level: Preview) + + """ + The AWS External ID used when assuming roles in AWS on behalf of this repository. + Stability: Long-term + """ + awsExternalId: String! @stability(level: LongTerm) + + """ + The ARN of the AWS IAM identity that will write to S3 for S3 actions. + Stability: Long-term + """ + s3ActionArn: String @stability(level: LongTerm) + + """ + All interactions defined on the view. + Stability: Long-term + """ + interactions: [ViewInteraction!]! @stability(level: LongTerm) + + """ + A saved alert + Stability: Long-term + """ + alert(id: String!): Alert! @stability(level: LongTerm) + + """ + Saved alerts. + Stability: Long-term + """ + alerts: [Alert!]! @stability(level: LongTerm) + + """ + A saved dashboard. + Stability: Long-term + """ + dashboard(id: String!): Dashboard! @stability(level: LongTerm) + + """ + All dashboards available on the view. + Stability: Long-term + """ + dashboards: [Dashboard!]! @stability(level: LongTerm) + + """ + A saved filter alert + Stability: Long-term + """ + filterAlert( + "Id of the filter alert. Supply either 'id' or 'name'." + id: String, + + "Name of the filter alert. Filter alerts in packages can be referred to as \"packagescope/packagename:alertname\". Supply either 'id' or 'name'." + name: String): FilterAlert! @stability(level: LongTerm) + + """ + Saved filter alerts. + Stability: Long-term + """ + filterAlerts: [FilterAlert!]! @stability(level: LongTerm) + + """ + A saved aggregate alert + Stability: Long-term + """ + aggregateAlert( + "Id of the aggregate alert. Supply either 'id' or 'name'." + id: String, + + "Name of the aggregate alert. Aggregate alerts in packages can be referred to as \"packagescope/packagename:alertname\". Supply either 'id' or 'name'." + name: String): AggregateAlert! @stability(level: LongTerm) + + """ + Saved aggregate alerts. + Stability: Long-term + """ + aggregateAlerts: [AggregateAlert!]! @stability(level: LongTerm) + + """ + A saved scheduled search. + Stability: Long-term + """ + scheduledSearch( + "Id of the scheduled search. Supply either 'id' or 'name'." + id: String, + + "Name of the scheduled search. Scheduled searches in packages can be referred to as \"packagescope/packagename:scheduledsearchname\". Supply either 'id' or 'name'." + name: String): ScheduledSearch! @stability(level: LongTerm) + + """ + Saved scheduled searches. + Stability: Long-term + """ + scheduledSearches: [ScheduledSearch!]! @stability(level: LongTerm) + + """ + A saved action. + Stability: Long-term + """ + action( + "The id of the action to get." + id: String!): Action! @stability(level: LongTerm) + + """ + A list of saved actions. + Stability: Long-term + """ + actions( + "The result will only include actions with the specified ids. Omit to find all actions." + actionIds: [String!]): [Action!]! @stability(level: LongTerm) + + """ + A saved query. + Stability: Long-term + """ + savedQuery(id: String!): SavedQuery! @stability(level: LongTerm) + + """ + Saved queries. + Stability: Long-term + """ + savedQueries: [SavedQuery!]! @stability(level: LongTerm) + + "Stability: Long-term" + defaultQuery: SavedQuery @stability(level: LongTerm) + + "Stability: Long-term" + files: [File!]! @stability(level: LongTerm) + + "Stability: Long-term" + fileFieldSearch( + "Name of the csv or json file to retrieve the field entries from." + fileName: String!, + + "Name of the field in the file to return entries from." + fieldName: String!, + + "Text to filter values by prefix on." + prefixFilter: String, + + "The exact values that given fields should have for an entry to be part of the result." + valueFilters: [FileFieldFilterType!]!, + + "Names of the fields to include in the result." + fieldsToInclude: [String!]!, + + "Maximum number of values to retrieve from the file." + maxEntries: Int!): [[DictionaryEntryType!]!]! @stability(level: LongTerm) + + """ + Saved scheduled reports. + Stability: Long-term + """ + scheduledReports: [ScheduledReport!]! @stability(level: LongTerm) + + """ + Saved scheduled report. + Stability: Long-term + """ + scheduledReport( + "The id of the scheduled report to get." + id: String!): ScheduledReport @stability(level: LongTerm) +} + +"Actions a user may perform on a view." +enum ViewAction { + ChangeConnections + ChangeUserAccess + + "Denotes if you can administer alerts and scheduled searches" + ChangeTriggers + CreateTriggers + + "Denotes if you can administer actions" + ChangeActions + CreateActions + ChangeInteractions + ChangeViewOrRepositoryDescription + ChangeDashboards + CreateDashboards + ChangeDashboardReadonlyToken + ChangeFdrFeeds + ChangeDataspaceKind + ChangeFdrFeedControls + ReadFdrFeeds + ChangeIngestFeeds + ChangeFiles + CreateFiles + ChangeParsers + DeleteParsers + ChangeSavedQueries + CreateSavedQueries + ConnectView + ConnectMultiClusterView + ChangeDataDeletionPermissions + ChangeRetention + ChangeTimeBasedRetention + ChangeSizeBasedRetention + ChangeDefaultSearchSettings + ChangeS3ArchivingSettings + ChangeArchivingSettings + DeleteDataSources + DeleteRepositoryOrView + DeleteEvents + + "Denotes if you can see log events" + ReadEvents + ChangeIngestTokens + ChangePackages + + "Denotes if you can administer event forwarding rules" + EventForwarding + ChangeIngestListeners + ChangePermissionTokens + ChangeIngestBlocking + ChangeFieldsToBeRemovedBeforeParsing + ExportQueryResults + ChangeOrganizationOwnedQueries + ReadExternalFunctions + ChangeScheduledReports + CreateScheduledReports + GenerateParsers + SaveSearchResultAsWidget + TestActions + GenerateQueryExplanations +} + +"Represents the connection between a view and an underlying repository." type ViewConnection { -""" -The underlying repository -Stability: Long-term -""" - repository: Repository! -""" -The filter applied to all results from the repository. -Stability: Long-term -""" - filter: String! -""" -Stability: Long-term -""" - languageVersion: LanguageVersion! + """ + The underlying repository + Stability: Long-term + """ + repository: Repository! @stability(level: LongTerm) + + """ + The filter applied to all results from the repository. + Stability: Long-term + """ + filter: String! @stability(level: LongTerm) + + "Stability: Long-term" + languageVersion: LanguageVersion! @stability(level: LongTerm) + + """ + The name of the repository that the view connects to. This field is available, even if the user querying this endpoint does not have access to the underlying repository, unlike the `repository` field. + Stability: Long-term + """ + repositoryName: RepoOrViewName! @stability(level: LongTerm) } -""" -An interaction available across search and dashboards -""" +"The repositories this view will read from." +input ViewConnectionInput { + "The name of the connected repository." + repositoryName: String! + + "The filter applied to all results from the repository." + filter: String! + languageVersion: LanguageVersionEnum = legacy +} + +"An interaction available across search and dashboards" type ViewInteraction { -""" -Stability: Long-term -""" - id: String! -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - displayName: String! -""" -Stability: Long-term -""" - description: String - assetType: AssetType! -""" -Stability: Long-term -""" - packageId: VersionedPackageSpecifier -""" -Stability: Long-term -""" - package: PackageInstallation + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + displayName: String! @stability(level: LongTerm) + + "Stability: Long-term" + description: String @stability(level: LongTerm) + + "Stability: Long-term" + packageId: VersionedPackageSpecifier @stability(level: LongTerm) + + "Stability: Long-term" + package: PackageInstallation @stability(level: LongTerm) + + "Stability: Long-term" + searchDomain: SearchDomain! @stability(level: LongTerm) + + "Stability: Long-term" + interaction: QueryBasedWidgetInteraction! @stability(level: LongTerm) + + """ + Metadata related to the creation of the interaction + Stability: Long-term + """ + createdInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Metadata related to the latest modification of the interaction + Stability: Long-term + """ + modifiedInfo: AssetCommitMetadata @stability(level: LongTerm) } -""" -A defined view interaction -""" +"A defined view interaction" type ViewInteractionEntry { -""" -Stability: Preview -""" - id: String! -""" -Stability: Preview -""" - view: SearchDomain! -""" -Stability: Preview -""" - interaction: QueryBasedWidgetInteraction! -""" -Stability: Preview -""" - packageId: VersionedPackageSpecifier -""" -Stability: Preview -""" - package: PackageInstallation + "Stability: Preview" + id: String! @stability(level: Preview) + + "Stability: Preview" + interaction: QueryBasedWidgetInteraction! @stability(level: Preview) + + "Stability: Preview" + packageId: VersionedPackageSpecifier @stability(level: Preview) + + "Stability: Preview" + package: PackageInstallation @stability(level: Preview) + + "Stability: Long-term" + viewInteraction: ViewInteraction! @stability(level: LongTerm) + + "Stability: Preview" + view: SearchDomain! @stability(level: Preview) } type ViewInteractionTemplate { -""" -Stability: Long-term -""" - name: String! -""" -Stability: Long-term -""" - displayName: String! -""" -Stability: Long-term -""" - yamlTemplate: String! + "Stability: Long-term" + name: String! @stability(level: LongTerm) + + "Stability: Long-term" + displayName: String! @stability(level: LongTerm) + + "Stability: Long-term" + yamlTemplate: String! @stability(level: LongTerm) +} + +"View permissions token. The token allows the caller to work with the same set of view-level permissions across multiple views." +type ViewPermissionsToken implements Token { + """ + The set of permissions on the token + Stability: Long-term + """ + permissions: [String!]! @stability(level: LongTerm) + + """ + The set of views on the token. Will only list the views the user has access to. + Stability: Long-term + """ + views: [SearchDomain!]! @stability(level: LongTerm) + + """ + The permissions assigned to the token for individual view assets. + Stability: Short-term + """ + searchAssetPermissions( + "Filter results based on this string" + searchFilter: String, + + "The number of results to skip or the offset to use. For instance if implementing pagination, set skip = limit * (page - 1)" + skip: Int = 0, + + "The amount of results to return." + limit: Int = 50, + + "Choose the order in which the results are returned." + orderBy: OrderBy = ASC, + + "The sort by options for assets. Asset name is default" + sortBy: SortBy, + + "List of asset types" + assetTypes: [AssetPermissionsAssetType!], + + "List of search domain id's to search within. Null or empty list is interpreted as all search domains" + searchDomainIds: [String!], + + "Include Read, Update and/or Delete permission assignments. The filter will accept all assets if the argument Null or the empty list." + permissions: [AssetAction!]): AssetPermissionSearchResultSet! @stability(level: ShortTerm) + + """ + The id of the token. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + The name of the token. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + The time at which the token expires. + Stability: Long-term + """ + expireAt: Long @stability(level: LongTerm) + + """ + The ip filter on the token. + Stability: Long-term + """ + ipFilter: String @stability(level: LongTerm) + + """ + The ip filter on the token. + Stability: Long-term + """ + ipFilterV2: IPFilter @stability(level: LongTerm) + + """ + The date the token was created. + Stability: Long-term + """ + createdAt: Long! @stability(level: LongTerm) +} + +input ViewPermissionsTokenAssetPermissionAssignmentInput { + assetResourceIdentifier: String! + permissions: [AssetPermission!]! +} + +"A webhook action" +type WebhookAction implements Action { + """ + Method to use for the request. + Stability: Long-term + """ + method: String! @stability(level: LongTerm) + + """ + Url to send the http(s) request to. + Stability: Long-term + """ + url: String! @stability(level: LongTerm) + + """ + Headers of the http(s) request. + Stability: Long-term + """ + headers: [HttpHeaderEntry!]! @stability(level: LongTerm) + + """ + Body of the http(s) request. Can be templated with values from the result. + Stability: Long-term + """ + bodyTemplate: String! @stability(level: LongTerm) + + """ + Flag indicating whether SSL should be ignored for the request. + Stability: Long-term + """ + ignoreSSL: Boolean! @stability(level: LongTerm) + + """ + Defines whether the action should use the configured HTTP proxy to send requests. + Stability: Long-term + """ + useProxy: Boolean! @stability(level: LongTerm) + + """ + The name of the action. + Stability: Long-term + """ + name: String! @stability(level: LongTerm) + + """ + The display name of the action. + Stability: Long-term + """ + displayName: String! @stability(level: LongTerm) + + """ + The id of the action. + Stability: Long-term + """ + id: String! @stability(level: LongTerm) + + """ + A template that can be used to recreate the action. + Stability: Long-term + """ + yamlTemplate: YAML! @stability(level: LongTerm) + + "Stability: Long-term" + packageId: VersionedPackageSpecifier @stability(level: LongTerm) + + """ + The package, if any, which the action is part of. + Stability: Long-term + """ + package: PackageInstallation @stability(level: LongTerm) + + """ + False if this type of action is disabled because of a security policy, true otherwise + Stability: Long-term + """ + isAllowedToRun: Boolean! @stability(level: LongTerm) + + """ + True if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. + Stability: Long-term + """ + requiresOrganizationOwnedQueriesPermissionToEdit: Boolean! @stability(level: LongTerm) + + """ + Allowed asset actions + Stability: Short-term + """ + allowedActions: [AssetAction!]! @stability(level: ShortTerm) + + """ + The resource identifier for this action. + Stability: Short-term + """ + resource: String! @stability(level: ShortTerm) + + """ + Metadata related to the creation of the action + Stability: Long-term + """ + createdInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Metadata related to the latest modification of the action + Stability: Long-term + """ + modifiedInfo: AssetCommitMetadata @stability(level: LongTerm) + + """ + Labels to categorize the action. + Stability: Preview + """ + labels: [String!] @stability(level: Preview) } type WellKnownEndpointDetails { -""" -Stability: Long-term -""" - issuer: String! -""" -Stability: Long-term -""" - authorizationEndpoint: String -""" -Stability: Long-term -""" - jwksEndpoint: String -""" -Stability: Long-term -""" - registrationEndpoint: String -""" -Stability: Long-term -""" - tokenEndpoint: String -""" -Stability: Long-term -""" - tokenEndpointAuthMethod: String! -""" -Stability: Long-term -""" - userInfoEndpoint: String + "Stability: Long-term" + issuer: String! @stability(level: LongTerm) + + "Stability: Long-term" + authorizationEndpoint: String @stability(level: LongTerm) + + "Stability: Long-term" + jwksEndpoint: String @stability(level: LongTerm) + + "Stability: Long-term" + registrationEndpoint: String @stability(level: LongTerm) + + "Stability: Long-term" + tokenEndpoint: String @stability(level: LongTerm) + + "Stability: Long-term" + tokenEndpointAuthMethod: String! @stability(level: LongTerm) + + "Stability: Long-term" + userInfoEndpoint: String @stability(level: LongTerm) } -""" -A dashboard widget. -""" +"A dashboard widget." interface Widget { -""" -A dashboard widget. -""" - id: String! -""" -A dashboard widget. -""" - title: String! -""" -A dashboard widget. -""" - description: String -""" -A dashboard widget. -""" - x: Int! -""" -A dashboard widget. -""" - y: Int! -""" -A dashboard widget. -""" - width: Int! -""" -A dashboard widget. -""" - height: Int! + "Stability: Long-term" + id: String! @stability(level: LongTerm) + + "Stability: Long-term" + title: String! @stability(level: LongTerm) + + "Stability: Long-term" + description: String @stability(level: LongTerm) + + "Stability: Long-term" + x: Int! @stability(level: LongTerm) + + "Stability: Long-term" + y: Int! @stability(level: LongTerm) + + "Stability: Long-term" + width: Int! @stability(level: LongTerm) + + "Stability: Long-term" + height: Int! @stability(level: LongTerm) +} + +input WidgetInput { + id: String! + title: String! + description: String + x: Int! + y: Int! + width: Int! + height: Int! + queryOptions: WidgetQueryPropertiesInput + noteOptions: WidgetNotePropertiesInput + linkOptions: WidgetLinkPropertiesInput + parameterPanelOptions: WidgetParameterPanelPropertiesInput } type WidgetInteractionCondition { -""" -Stability: Long-term -""" - fieldName: String! -""" -Stability: Long-term -""" - operator: FieldConditionOperatorType! -""" -Stability: Long-term -""" - argument: String! + "Stability: Long-term" + fieldName: String! @stability(level: LongTerm) + + "Stability: Long-term" + operator: FieldConditionOperatorType! @stability(level: LongTerm) + + "Stability: Long-term" + argument: String! @stability(level: LongTerm) } -""" -A key being traced by worker query tracing. -""" +input WidgetLinkPropertiesInput { + labels: [String!]! +} + +input WidgetNotePropertiesInput { + text: String! + backgroundColor: String + textColor: String +} + +input WidgetParameterPanelPropertiesInput { + parameterIds: [String!]! +} + +input WidgetQueryPropertiesInput { + queryString: String! + start: String! + end: String! + widgetType: String! + options: String + dashboardLinkInteractions: [DashboardLinkInteractionInput!] + customLinkInteractions: [CustomLinkInteractionInput!] + searchLinkInteractions: [SearchLinkInteractionInput!] + updateParametersInteractions: [UpdateParametersInteractionInput!] +} + +"A key being traced by worker query tracing." type WorkerQueryTracingItem { -""" -Stability: Preview -""" - key: String! -""" -Stability: Preview -""" - expiry: Long! + "Stability: Preview" + key: String! @stability(level: Preview) + + "Stability: Preview" + expiry: Long! @stability(level: Preview) } -""" -The state of worker query tracing. -""" +"The state of worker query tracing." type WorkerQueryTracingState { -""" -Stability: Preview -""" - items: [WorkerQueryTracingItem!]! + "Stability: Preview" + items: [WorkerQueryTracingItem!]! @stability(level: Preview) } scalar YAML -""" -Common interface for contractual parts of the limit -""" +"Common interface for contractual parts of the limit" interface contractual { -""" -Common interface for contractual parts of the limit -""" - includeUsage: Boolean! + "\nStability: Long-term" + includeUsage: Boolean! @stability(level: LongTerm) } -type drilldowns { -""" -Get the query that returns the underlying events for the given fields. -Stability: Preview -""" - sourceEventsForFieldsQuery( - fields: [String!]! - ): SourceEventsQueryResultType! +"The input required to delete an external function specification." +input deleteExternalFunctionInput { + "The name of the external function to delete." + name: String! } -""" -A namespace for various query analyses and transformations. -""" -type queryAnalysis { -""" -Stability: Preview -""" - drilldowns: drilldowns! -""" -Checks if a query is fit for use for a filter alert -""" - isValidFilterAlertQuery( - viewName: String! - ): Boolean! -""" -The query contains an aggregator -Stability: Preview -""" - isAggregate: Boolean! -""" -The query does not contain a join-like function or defineTable() -Stability: Preview -""" - isSinglePhase: Boolean! -""" -The query string up to the first aggregator -Stability: Preview -""" - filterPart: String! +type drilldowns { + """ + Get the query that returns the underlying events for the given fields. + Stability: Preview + """ + sourceEventsForFieldsQuery(fields: [String!]!): SourceEventsQueryResultType! @stability(level: Preview) } -""" -The `BigDecimal` scalar type represents signed fractional values with arbitrary precision. -""" -scalar BigDecimal - -""" -The `BigInt` scalar type represents non-fractional signed whole numeric values. BigInt can represent arbitrary big values. -""" -scalar BigInt - -""" -The `Boolean` scalar type represents `true` or `false`. -""" -scalar Boolean - -""" -The `Float` scalar type represents signed double-precision fractional values as specified by [IEEE 754](https://en.wikipedia.org/wiki/IEEE_754). -""" -scalar Float +"FDR test errors" +union error = TestFdrValidationError | TestFdrRequestError -""" -The `Int` scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1. -""" -scalar Int +"A namespace for various query analyses and transformations." +type queryAnalysis { + "Stability: Preview" + drilldowns: drilldowns! @stability(level: Preview) + + """ + The query contains an aggregator + Stability: Preview + """ + isAggregate: Boolean! @stability(level: Preview) + + """ + The query does not contain a join-like function or defineTable() + Stability: Preview + """ + isSinglePhase: Boolean! @stability(level: Preview) + + """ + The query string up to the first aggregator + Stability: Preview + """ + filterPart: String! @stability(level: Preview) +} + +"The secret handle query result set" +type secretHandleQueryResultSet { + """ + The total number of matching results + Stability: Preview + """ + totalResults: Int! @stability(level: Preview) + + """ + The paginated result set + Stability: Preview + """ + results: [SecretHandle!]! @stability(level: Preview) +} -""" -The `Long` scalar type represents non-fractional signed whole numeric values. Long can represent values between -(2^63) and 2^63 - 1. -""" -scalar Long +type setAutomaticSearching { + "Stability: Long-term" + automaticSearch: Boolean! @stability(level: LongTerm) +} -""" -The `String` scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text. -""" -scalar String +type updateDefaultRoleMutation { + "Stability: Long-term" + group: Group! @stability(level: LongTerm) +} +"A user or pending user, depending on whether an invitation was sent" +union userOrPendingUser = User | PendingUser -# Fetched from version 1.180.0--build-2981--sha-eba6ae23b00e69c90317d596a09527ab206e8bfc \ No newline at end of file +"Marks the stability level of the field or enum value." +directive @stability(level: StabilityLevel!) on ENUM_VALUE | FIELD_DEFINITION | INPUT_FIELD_DEFINITION diff --git a/internal/api/parsers.go b/internal/api/parsers.go index 99a93b9..5dd5323 100644 --- a/internal/api/parsers.go +++ b/internal/api/parsers.go @@ -65,23 +65,10 @@ func (p *Parsers) List(repositoryName string) ([]ParserListItem, error) { } func (p *Parsers) Delete(repositoryName string, parserName string) error { - status, getStatusErr := p.client.Status() - if getStatusErr != nil { - return getStatusErr - } - - atLeast, versionParseErr := status.AtLeast(LogScaleVersionWithParserAPIv2) - if versionParseErr != nil { - return versionParseErr - } parser, err := p.client.Parsers().Get(repositoryName, parserName) if err != nil { return err } - if !atLeast { - _, err = humiographql.LegacyDeleteParserByID(context.Background(), p.client, repositoryName, parser.ID) - return err - } _, err = humiographql.DeleteParserByID(context.Background(), p.client, repositoryName, parser.ID) return err @@ -91,56 +78,6 @@ func (p *Parsers) Add(repositoryName string, newParser *Parser, allowOverwriting if newParser == nil { return nil, fmt.Errorf("newFilterAlert must not be nil") } - status, getStatusErr := p.client.Status() - if getStatusErr != nil { - return nil, getStatusErr - } - atLeast, versionParseErr := status.AtLeast(LogScaleVersionWithParserAPIv2) - if versionParseErr != nil { - return nil, versionParseErr - } - - if !atLeast { - testData := make([]string, len(newParser.TestCases)) - for i, testCase := range newParser.TestCases { - testData[i] = testCase.Event.RawString - } - resp, err := humiographql.LegacyCreateParser( - context.Background(), - p.client, - repositoryName, - newParser.Name, - testData, - newParser.FieldsToTag, - newParser.Script, - allowOverwritingExistingParser, - ) - if err != nil { - return nil, err - } - - respCreateParser := resp.GetCreateParser() - respParser := respCreateParser.GetParser() - respTestCases := respParser.GetTestCases() - testCases := make([]ParserTestCase, len(respTestCases)) - for idx, testCase := range respTestCases { - event := testCase.GetEvent() - testCases[idx] = ParserTestCase{ - Event: ParserTestEvent{ - RawString: event.GetRawString(), - }, - Assertions: nil, - } - } - return &Parser{ - ID: respParser.GetId(), - Name: respParser.GetName(), - Script: respParser.GetScript(), - TestCases: testCases, - FieldsToTag: respParser.GetFieldsToTag(), - FieldsToBeRemovedBeforeParsing: respParser.GetFieldsToBeRemovedBeforeParsing(), - }, nil - } testCasesInput := make([]humiographql.ParserTestCaseInput, len(newParser.TestCases)) for j, pa := range newParser.TestCases { @@ -220,45 +157,6 @@ func (p *Parsers) Add(repositoryName string, newParser *Parser, allowOverwriting } func (p *Parsers) Get(repositoryName string, parserName string) (*Parser, error) { - status, err := p.client.Status() - if err != nil { - return nil, err - } - atLeast, err := status.AtLeast(LogScaleVersionWithParserAPIv2) - if err != nil { - return nil, err - } - if !atLeast { - resp, err := humiographql.LegacyGetParser( - context.Background(), - p.client, - repositoryName, - parserName, - ) - if err != nil { - return nil, err - } - - respRepository := resp.GetRepository() - respParser := respRepository.GetParser() - respTestCases := respParser.GetTestData() - testCases := make([]ParserTestCase, len(respTestCases)) - for idx, testCase := range respTestCases { - testCases[idx] = ParserTestCase{ - Event: ParserTestEvent{ - RawString: testCase, - }, - } - } - return &Parser{ - ID: respParser.GetId(), - Name: respParser.GetName(), - Script: respParser.GetSourceCode(), - TestCases: testCases, - FieldsToTag: respParser.GetTagFields(), - }, nil - } - parserList, err := p.List(repositoryName) if err != nil { return nil, err