Alerting

ZenDesk incident

fman82
Explorer

Anyone create an App/script to integrate with ZenDesk (such as open an incident via API) which they wish to share?

skender27
Contributor

Hi,

This is not the answer, but maybe this could help!

I tried this way: to get the list of all ticket from my Zendesk instance in .json format
curl -u username@example.com:password https://my_instance.zendesk.com/api/v2/tickets.json

or a particular ticket (in this case no. 13)
curl -u username@example.com:password https://my_instance.zendesk.com/api/v2/tickets/13json

And the same way for users (clients):
curl -u username@example.com:password https://my_instance.zendesk.com/api/v2/users.json

For all other https methods I read cerefully:
https://developer.zendesk.com/rest_api/docs/core/introduction

Bye,
Skender

0 Karma

sbrant_splunk
Splunk Employee
Splunk Employee

Here is a script I wrote to open a Zendesk ticket. By naming the saved search with the proper fields, the fields get parsed out and make for a more meaningful ticket title. It isn't pretty but should get you started. It's written in Python 2.x:

import pycurl
import StringIO
import sys
import re

# ---- Splunk Output (input for this script)
scriptName = sys.argv[0]      # Script name
eventReturned = sys.argv[1]   # Number of events returned
searchTerms = sys.argv[2]     # Search terms
queryString = sys.argv[3]     # Fully qualified query string
searchName = sys.argv[4]      # Name of saved search
triggerReason = sys.argv[5]   # Trigger reason
searchURL = sys.argv[6]       # URL to the saved search
resultsFileRaw = sys.argv[8]  # File where the results for this search are stored (raw)

# ---- Parse Splunk search name to help populate zendesk ticket
zdFields = re.match('^Saved\sSearch\s\["(?P<company>.*?)"\s(?P<priority>\d)\s"(?P<description>.*?)"\]\snumber\sof\sevents.*?$', triggerReason)
zdCompany = zdFields.group('company')
zdPriority = zdFields.group('priority')
zdDesc = zdFields.group('description')

# ---- Global Variables for CURL calls
xmlRequest = '<ticket><subject>' + zdCompany + ': ' + zdDesc + '</subject><description>' + searchURL + '</description><priority-id>' + zdPriority + '</priority-id><ticket-type-id>2</ticket-type-id><requester_id>54</requester_id></ticket>'
ncServerMaxTime = 1
zdURL = "http://sb.zendesk.com/tickets.xml"  # URL to your zendesk page
USER = "<username>"
PASS = "<password>"


# ---- Main
c = pycurl.Curl()
c.setopt(pycurl.URL, zdURL)
c.setopt(pycurl.POST, 1)
c.setopt(pycurl.USERPWD, "%s:%s" % (USER,PASS))
c.setopt(pycurl.HTTPHEADER, ["Content-Type: application/xml"])
c.setopt(pycurl.TIMEOUT, ncServerMaxTime)
c.setopt(pycurl.CONNECTTIMEOUT, ncServerMaxTime)
c.setopt(pycurl.NOSIGNAL, 1)
c.setopt(pycurl.POSTFIELDS, xmlRequest)
b = StringIO.StringIO()
c.setopt(pycurl.WRITEFUNCTION, b.write)
c.perform()
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...