Jira Service Desk simple AddOn sometimes sends null values (Customfields)

Newbie_geonu
Observer

Hello experts. I'm a Splunk newbie.

I am using the Jira Service Desk simple AddOn to send Splunk alarms to Jira tickets.

We also confirmed that Splunk alarms were successfully raised through Jira tickets. However, sometimes it is the same alarm, but a specific alarm receives the customfield value well, but there are cases where no value is retrieved.

 

In Splunk, it is confirmed that the value exists, but the value cannot be retrieved. No matter how much I searched, I couldn't find out what the reason was. If the Jira and Splunk field mappings are incorrect, you shouldn't be able to get the value from all tickets, but you can't get it from a specific ticket... What's the problem?

Example here... The Client value is always a value. However, as shown in the images, the customer value does not exist. 

[Image: Error Ticket]

[Image: Normal Ticket]

0 Karma

marnall
Motivator

Is there any pattern between the ticket type and the values appearing? E.g. does the Customer value always appear in Normal Tickets but never in Error Tickets? Or does it look random?

Also when you say that "In Splunk, it is confirmed that the value exists", can you say it definitely exists for all records, even for the tickets that say it doesn't exist? Try running your alert search, but looking for rows where the field does not have a value.

<yoursearch>
| search NOT Client=*
0 Karma

Newbie_geonu
Observer

Thank you for your reply.

The client value is a value that always exists and is confirmed in Splunk, but the value is not received in the error ticket. In addition, other values (time, reason) cannot be received.

Currently, I am receiving multiple values such as customer, time, reason, etc. as Jira custom fields, but I am wondering whether, if even one value is incorrect (e.g. when the reason field exceeds the length limit), I will not be able to receive all mapped values.

However, I created a custom field with the same type (multi-line) as the Jira description field and tested it by entering the same value, but the value was not received only in the custom field. Example photos are below:

 

[Image: normal ticket]

[Image: error ticket]

0 Karma

Newbie_geonu
Observer

Hi, thank you for your reply.

In the error ticket, all parts mapped to Jira customfield (e.g. "customfield_10211": "$result.client$") are not included.

In regular tickets, customer values, time, etc. are always present, but in error tickets, none of the values mapped to customfield are coming in, even though they are confirmed in Splunk.

If there is a problem with even one customfield value, can I not retrieve other values ​​as well?

(For example, there are two Jira custom fields, client and reason. However, the reason field is a single line type, so there is a length limit. If the length limit is exceeded, I will not be able to retrieve values from not only the reason field but also the client field...)

0 Karma
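
An added example, not part of the thread and not the add-on's own code: a Python check to run over exported alert results, covering both questions raised above (is a mapped field empty for some rows, and can one bad value affect every custom field). It assumes the `$result.<field>$` tokens are replaced as plain text and the fragment is then parsed as one JSON object; `customfield_10212`, the 255-character limit and the sample rows are constructed for illustration.

```python
import json
import re

# Custom-field mapping as entered in the alert action. customfield_10211 is
# from the thread; customfield_10212 and its "reason" token are hypothetical.
TEMPLATE = '"customfield_10211": "$result.client$", "customfield_10212": "$result.reason$"'

TOKEN = re.compile(r"\$result\.([A-Za-z0-9_.]+)\$")
MAX_SINGLE_LINE = 255  # assumed limit for a single-line Jira text field


def expand(template, row):
    """Plain text substitution; a field missing from the row becomes ''."""
    return TOKEN.sub(lambda m: str(row.get(m.group(1), "")), template)


def check_row(template, row):
    """Return the problems that would affect this row's custom fields."""
    problems = []
    for name in TOKEN.findall(template):
        value = row.get(name)
        if value is None or value == "":
            problems.append(f"{name}: empty or missing")
        elif len(str(value)) > MAX_SINGLE_LINE:
            problems.append(f"{name}: {len(str(value))} chars exceeds {MAX_SINGLE_LINE}")
    try:
        # Assumption: the fragment is wrapped into a single JSON object.
        json.loads("{" + expand(template, row) + "}")
    except json.JSONDecodeError as exc:
        # One unescaped quote or newline invalidates the whole object,
        # so every mapped field is lost, not only the offending one.
        problems.append(f"custom fields are not valid JSON: {exc.msg}")
    return problems


# Constructed sample rows standing in for exported alert results.
ROWS = [
    {"client": "ACME", "reason": "disk full"},
    {"client": "ACME", "reason": 'service "web" failed\nrestart attempted'},
    {"reason": "cpu high"},
    {"client": "ACME", "reason": "x" * 300},
]

if __name__ == "__main__":
    for i, row in enumerate(ROWS):
        print(i, check_row(TEMPLATE, row) or "ok")
```

Comparing the rows this flags with the tickets that arrived without custom fields shows whether the cause is an empty field, an over-long value, or a value that breaks the JSON structure.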