https://community.splunk.com/t5/Alerting/ZenDesk-incident/m-p/74465#M1013 <P>Here is a script I wrote to open a Zendesk ticket. By naming the saved search with the proper fields, the fields get parsed out and make for a more meaningful ticket title. It isn't pretty but should get you started. It's written in Python 2.x:</P> <PRE><CODE>import pycurl import StringIO import sys import re # ---- Splunk Output (input for this script) scriptName = sys.argv[0] # Script name eventReturned = sys.argv[1] # Number of events returned searchTerms = sys.argv[2] # Search terms queryString = sys.argv[3] # Fully qualified query string searchName = sys.argv[4] # Name of saved search triggerReason = sys.argv[5] # Trigger reason searchURL = sys.argv[6] # URL to the saved search resultsFileRaw = sys.argv[8] # File where the results for this search are stored (raw) # ---- Parse Splunk search name to help populate zendesk ticket zdFields = re.match('^Saved\sSearch\s\["(?P&lt;company&gt;.*?)"\s(?P&lt;priority&gt;\d)\s"(?P&lt;description&gt;.*?)"\]\snumber\sof\sevents.*?$', triggerReason) zdCompany = zdFields.group('company') zdPriority = zdFields.group('priority') zdDesc = zdFields.group('description') # ---- Global Variables for CURL calls xmlRequest = '&lt;ticket&gt;&lt;subject&gt;' + zdCompany + ': ' + zdDesc + '&lt;/subject&gt;&lt;description&gt;' + searchURL + '&lt;/description&gt;&lt;priority-id&gt;' + zdPriority + '&lt;/priority-id&gt;&lt;ticket-type-id&gt;2&lt;/ticket-type-id&gt;&lt;requester_id&gt;54&lt;/requester_id&gt;&lt;/ticket&gt;' ncServerMaxTime = 1 zdURL = "http://sb.zendesk.com/tickets.xml" # URL to your zendesk page USER = "&lt;username&gt;" PASS = "&lt;password&gt;" # ---- Main c = pycurl.Curl() c.setopt(pycurl.URL, zdURL) c.setopt(pycurl.POST, 1) c.setopt(pycurl.USERPWD, "%s:%s" % (USER,PASS)) c.setopt(pycurl.HTTPHEADER, ["Content-Type: application/xml"]) c.setopt(pycurl.TIMEOUT, ncServerMaxTime) c.setopt(pycurl.CONNECTTIMEOUT, ncServerMaxTime) c.setopt(pycurl.NOSIGNAL, 1) c.setopt(pycurl.POSTFIELDS, xmlRequest) b = StringIO.StringIO() c.setopt(pycurl.WRITEFUNCTION, b.write) c.perform() </CODE></PRE> Fri, 28 Sep 2012 23:02:35 GMT sbrant_splunk 2012-09-28T23:02:35Z https://community.splunk.com/t5/Alerting/ZenDesk-incident/m-p/74464#M1012 <P>Anyone create an App/script to integrate with ZenDesk (such as open an incident via API) which they wish to share?</P> Fri, 28 Sep 2012 11:49:31 GMT https://community.splunk.com/t5/Alerting/ZenDesk-incident/m-p/74464#M1012 fman82 2012-09-28T11:49:31Z https://community.splunk.com/t5/Alerting/ZenDesk-incident/m-p/74465#M1013 <P>Here is a script I wrote to open a Zendesk ticket. By naming the saved search with the proper fields, the fields get parsed out and make for a more meaningful ticket title. It isn't pretty but should get you started. It's written in Python 2.x:</P> <PRE><CODE>import pycurl import StringIO import sys import re # ---- Splunk Output (input for this script) scriptName = sys.argv[0] # Script name eventReturned = sys.argv[1] # Number of events returned searchTerms = sys.argv[2] # Search terms queryString = sys.argv[3] # Fully qualified query string searchName = sys.argv[4] # Name of saved search triggerReason = sys.argv[5] # Trigger reason searchURL = sys.argv[6] # URL to the saved search resultsFileRaw = sys.argv[8] # File where the results for this search are stored (raw) # ---- Parse Splunk search name to help populate zendesk ticket zdFields = re.match('^Saved\sSearch\s\["(?P&lt;company&gt;.*?)"\s(?P&lt;priority&gt;\d)\s"(?P&lt;description&gt;.*?)"\]\snumber\sof\sevents.*?$', triggerReason) zdCompany = zdFields.group('company') zdPriority = zdFields.group('priority') zdDesc = zdFields.group('description') # ---- Global Variables for CURL calls xmlRequest = '&lt;ticket&gt;&lt;subject&gt;' + zdCompany + ': ' + zdDesc + '&lt;/subject&gt;&lt;description&gt;' + searchURL + '&lt;/description&gt;&lt;priority-id&gt;' + zdPriority + '&lt;/priority-id&gt;&lt;ticket-type-id&gt;2&lt;/ticket-type-id&gt;&lt;requester_id&gt;54&lt;/requester_id&gt;&lt;/ticket&gt;' ncServerMaxTime = 1 zdURL = "http://sb.zendesk.com/tickets.xml" # URL to your zendesk page USER = "&lt;username&gt;" PASS = "&lt;password&gt;" # ---- Main c = pycurl.Curl() c.setopt(pycurl.URL, zdURL) c.setopt(pycurl.POST, 1) c.setopt(pycurl.USERPWD, "%s:%s" % (USER,PASS)) c.setopt(pycurl.HTTPHEADER, ["Content-Type: application/xml"]) c.setopt(pycurl.TIMEOUT, ncServerMaxTime) c.setopt(pycurl.CONNECTTIMEOUT, ncServerMaxTime) c.setopt(pycurl.NOSIGNAL, 1) c.setopt(pycurl.POSTFIELDS, xmlRequest) b = StringIO.StringIO() c.setopt(pycurl.WRITEFUNCTION, b.write) c.perform() </CODE></PRE> Fri, 28 Sep 2012 23:02:35 GMT https://community.splunk.com/t5/Alerting/ZenDesk-incident/m-p/74465#M1013 sbrant_splunk 2012-09-28T23:02:35Z https://community.splunk.com/t5/Alerting/ZenDesk-incident/m-p/74466#M1014 <P>Hi,</P> <P>This is not the answer, but maybe this could help!</P> <P>I tried this way: to get the list of all ticket from my Zendesk instance in .json format<BR /> curl -u <A href="mailto:username@example.com">username@example.com</A>:password <A href="https://my_instance.zendesk.com/api/v2/tickets.json">https://my_instance.zendesk.com/api/v2/tickets.json</A></P> <P>or a particular ticket (in this case no. 13)<BR /> curl -u <A href="mailto:username@example.com">username@example.com</A>:password <A href="https://my_instance.zendesk.com/api/v2/tickets/13json">https://my_instance.zendesk.com/api/v2/tickets/13json</A></P> <P>And the same way for users (clients):<BR /> curl -u <A href="mailto:username@example.com">username@example.com</A>:password <A href="https://my_instance.zendesk.com/api/v2/users.json">https://my_instance.zendesk.com/api/v2/users.json</A></P> <P>For all other https methods I read cerefully:<BR /> <A href="https://developer.zendesk.com/rest_api/docs/core/introduction">https://developer.zendesk.com/rest_api/docs/core/introduction</A></P> <P>Bye,<BR /> Skender</P> Mon, 28 Sep 2015 14:29:32 GMT https://community.splunk.com/t5/Alerting/ZenDesk-incident/m-p/74466#M1014 skender27 2015-09-28T14:29:32Z