Splunk ITSI

Get Common Fields (and values) via rest API

isoscow
New Member

I created a Python script that successfully links episodes with my 3rd party ticketing system. I'm trying to populate that ticket system with some of the "common field" values associated with a given episode but I don't see a good way to do that?  Anyone have any hints on how to accomplish this? I'm probably missing something very obvious in the documentation.

 

thx!

Labels (1)
0 Karma

skramp
SplunkTrust
SplunkTrust

Hi @isoscow , I am doing this regulary, I create a new event with a correlation search which is added to my episode. In this event there are new fields with the value I want to send to my ticketing system. My Action Rule in my NEAP reacts on this fields. Here is also the conf talk Peter Zumbrink and I did this year at .conf24 where we are telling how we are doing this: https://conf.splunk.com/watch/conf-online.html?search=OBS1137C#/

0 Karma

proyleJDS
Path Finder

What incident management software are you using?

0 Karma

KendallW
Contributor

Hey @isoscow not sure if ideal/best practice/current, but we created alerts which dump results to a csv file using "| outputcsv", which also run a script as part their alert actions. The script sends the data from the csv to the third party ticketing system.

0 Karma
Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

Cisco Use Cases, ITSI Best Practices, and More New Articles from Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...