Then probably this https://splunkbase.splunk.com/app/5037 is what you need to look. I haven't try it, but I have use/modify some internally built alert actions on one of my Clients. It's not so hard to do that by yourself if needed. Just read Jira's REST api reference and do what is needed. ... View more

Hi!  Check out https://docs.splunk.com/Documentation/CPITSIMonitorAlert/2.2.0/CP/About for how to get started with correlation searches. This will give you the tools you need. For example "Service Monitoring - Sustained KPI Degradation (Recommended)" can be a good start.  To filter to specific to a specific service and or KPI use something like  | mstats latest(*) as * where index=itsi_summary_metrics [| `service_kpi_list` | search service_name="*" kpi_name=* | fields kpiid | rename kpiid as itsi_kpi_id | format ] by host span=1m is_entity_in_maintenance is_service_aggregate is_service_disabled is_service_in_maintenance is_service_max_severity_event itsi_kpi_id itsi_service_id itsi_team_id kpi_base_search kpi_importance ## OR from event index index=itsi_summary [|`service_kpi_list` | search service_name="*" kpi_name=* | fields kpiid | format ] | lookup service_kpi_lookup _key as itsi_service_id OUTPUT title as service_name | table _time kpi, alert_*, entity_* service*,indexed_is_service_aggregate   /Seb      ... View more