Archive

Jira Add-on Issues with Extractions

Communicator

Hi Everyone!

I have recently installed the Splunk Jira Add-on (https://splunkbase.splunk.com/app/1438/) in our development environment. We're an MSP, and provide MI packs to all of our customers at the end of every month. Our ultimate use case is to automate the standard info-gathering stages (how many tickets, how many closed vs open, escalations vs closures, etc.) by pulling the relevant data from Jira to Splunk and then having Splunk work some formatting magic on the data.

As it currently stands:

  • Add-on is installed, configured and is successfully pulling data from Jira using "| jira issues ";
  • Using "| collect" command to ingest the data we want into index=prod_jira sourcetype=jira_issues;
  • Modular input is configured, but not currently in use (We want to pull on an "as needed basis");

The Problem:

  • When ingesting into index=prod_jira sourcetype=jira_issues, Splunk does not seem to recognise it is JSON format, and adding KV_MODE = JSON in props.conf doesn't seem to help;

alt text

  • When pulling data from Jira using "| jira issues ", Splunk doesn't seem to want to extract all of the JSON fields, which just coincidentally hold the fields I want to track/manipulate;

alt text

I'm at a bit of a loss as to how I can get this sorted (it's been a long weekend) and I'm gutted that I've gotten this far only to be defeated by what is (usually) a trivial matter.

Any thoughts or assistance would be greatly appreciated.

Kind regards,
Mike

P.S. Also, out of curiosity, is there any particular way to query Jira from Splunk (or ingest data from Jira) and only pull certain fields (i.e. give the ticket ref, summary, resolution, status, assignee, etc.) for matching JQL results?

Tags (2)
1 Solution

Splunk Employee
Splunk Employee

Hi Mike,

Unfortunately this is not Splunk supported but I did the work on the command itself before this version so might be able to lend a hand. For extractions I'd try simply adding |table * behind your issues command (|jira issues 1|table *) for example for filter 1. This should allow the command to just send you CSV row data instead of Splunk guessing from the _raw returned. If you're still not getting the field extractions, it's possible that this older version doesn't have the necessary MV capability built in.

And yes, you can absolutely filter by the fields -

|jira issues 1 fields "comma-separated field list"|table *

Note that the command expects API fields for this list. An example in my instance would be -

| jira issues 10 fields "key,creator"|table *

If this doesn't work, please feel free to email me and we can work together to get this working for you.

View solution in original post

0 Karma

Path Finder

Hi Everyone ,

Can you please give me the steps to configure this add-on and to pulling data from Jira .

Thank you !

0 Karma

Splunk Employee
Splunk Employee

Hi Mike,

Unfortunately this is not Splunk supported but I did the work on the command itself before this version so might be able to lend a hand. For extractions I'd try simply adding |table * behind your issues command (|jira issues 1|table *) for example for filter 1. This should allow the command to just send you CSV row data instead of Splunk guessing from the _raw returned. If you're still not getting the field extractions, it's possible that this older version doesn't have the necessary MV capability built in.

And yes, you can absolutely filter by the fields -

|jira issues 1 fields "comma-separated field list"|table *

Note that the command expects API fields for this list. An example in my instance would be -

| jira issues 10 fields "key,creator"|table *

If this doesn't work, please feel free to email me and we can work together to get this working for you.

View solution in original post

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!