Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I capture in the below format?

sidtalup27
Explorer
‎12-05-2022 06:19 AM

Hello,

We are trying to build a dashboard for Incident SLA compliance.
The data is ingested from JIRA. Tickets are created in JIRA, and Splunk retrieves the information frequently. At this point in time, the concerned fields for me are the Ticket Number and Creation Time. However, when an existing Ticket in JIRA is updated, the new values in Splunk are updated on the existing values. Hence, I lose the previously captured, in this case, I miss out on Creation time, and the same field is updated with New Time. How can I capture in the below format? Please advise.

Ticket Number, Creation Time, Updated Time.

--
Thanks,
Siddarth

Labels (1)
Labels
0 Karma
Reply

sidtalup27
Explorer
‎12-05-2022 06:34 AM

@gcusello, can you please elaborate? My objective is to create a table of events for a key field, considering INDEX and SOURCETYPE are same.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎12-05-2022 08:05 AM

Hi @sidtalup27,

I don't know how you collect Jira data, anyway, instead saving them in a lookup save them in a summary index using the collect command so you'll have progressive events with timestamp, the correlation key and the status, so you can display these indormation in a table.

I cannot be more precise because I don't know how you populate the lookup.

Ciao.

Giuseppe

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎12-05-2022 06:23 AM

Hi @sidtalup27,

don't use a lookup to save data extracted from Jira, but a summary index so you have also the timestamp information.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...