Jira Add-on Issues with Extractions

MikeElliott
Communicator

Hi Everyone!

I have recently installed the Splunk Jira Add-on (https://splunkbase.splunk.com/app/1438/) in our development environment. We're an MSP, and provide MI packs to all of our customers at the end of every month. Our ultimate use case is to automate the standard info-gathering stages (how many tickets, how many closed vs open, escalations vs closures, etc.) by pulling the relevant data from Jira to Splunk and then having Splunk work some formatting magic on the data.

As it currently stands:

  • Add-on is installed, configured and is successfully pulling data from Jira using "| jira issues ";
  • Using "| collect" command to ingest the data we want into index=prod_jira sourcetype=jira_issues;
  • Modular input is configured, but not currently in use (We want to pull on an "as needed basis");

The Problem:

  • When ingesting into index=prod_jira sourcetype=jira_issues, Splunk does not seem to recognise it is JSON format, and adding KV_MODE = JSON in props.conf doesn't seem to help;

  • When pulling data from Jira using "| jira issues ", Splunk doesn't seem to want to extract all of the JSON fields, which just coincidentally hold the fields I want to track/manipulate;

I'm at a bit of a loss as to how I can get this sorted (it's been a long weekend) and I'm gutted that I've gotten this far only to be defeated by what is (usually) a trivial matter.

Any thoughts or assistance would be greatly appreciated.

Kind regards,
Mike

P.S. Also, out of curiosity, is there any particular way to query Jira from Splunk (or ingest data from Jira) and only pull certain fields (i.e. give the ticket ref, summary, resolution, status, assignee, etc.) for matching JQL results?

1 Solution

Flynt
Splunk Employee

Hi Mike,

Unfortunately, this is not Splunk supported, but I did the work on the command itself before this version, so I might be able to lend a hand. For extractions, I'd try simply adding |table * behind your issues command (for example, |jira issues 1|table * for filter 1). This should allow the command to just send you CSV row data instead of Splunk guessing from the _raw returned. If you're still not getting the field extractions, it's possible that this older version doesn't have the necessary MV capability built in.

And yes, you can absolutely filter by the fields -

|jira issues 1 fields "comma-separated field list"|table *

Note that the command expects API fields for this list. An example in my instance would be -

| jira issues 10 fields "key,creator"|table *

If this doesn't work, please feel free to email me and we can work together to get this working for you.

aalaa
Path Finder

Hi Everyone,

Can you please give me the steps to configure this add-on and to pull data from Jira?

Thank you!
