Splunk® Supported Add-ons

Splunk Add-on for Jira Cloud

Configure inputs for the Splunk Add-on for Jira Cloud

To configure Jira Audit input for the Splunk Add-on for Jira Cloud:

  1. In Splunk Web, go to the Splunk Add-on for Jira Cloud, either by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Jira Cloud.
  2. Click the Inputs tab.
  3. Click Create New Input and select "Jira Audit"
  4. Fill in the fields:
    Field Description
    API token Select the API token you have created. See Configure credentials for Splunk Add-on for Jira Cloud.
    Name A name for the new input.
    UTC Start Time The date and time on or after which returned audit records must have been created. Jira Cloud audit records are limited by retention period as described in <https://support.atlassian.com/jira-cloud-administration/docs/audit-activities-in-jira-applications/#AuditinginJiraapplications-Editauditlogsettings>.

    Format: YYYY-MM-DDThh:mm:ss This field is optional. If not defined, the initial checkpoint is the first time that the input is run.

    Interval How often, in seconds, the Splunk platform calls the API to collect data.
    Index The index in which the Splunk Platform stores events from Jira Cloud. The default is "Main".

To configure Jira Issues input to fetch Issues from the Jira Cloud instance using Splunk Add-on for Jira Cloud:

  1. In Splunk Web, go to the Splunk Add-on for Jira Cloud.
  2. Click the Inputs tab.
  3. Click Create New Input and select "Jira Issues".
  4. Fill in the fields:
    Field Description
    API token Select the API token you have created. See Configure credentials for Splunk Add-on for Jira Cloud.
    Name A name for the new input.
    Projects After you select API Token, the multi-select list will be populated depending on the projects available in the Jira Cloud instance
    UTC Start Date UTC Date from which the user wants to start fetching the Jira issues in format YYYY-MM-DD hh:mm. The default start date value is 30 days ago in UTC
    Interval The input polling interval, in seconds
    Include jira fields The fields that you want to include in the jira issue response. Provide a comma-separated list of values. For example assignee, reporter, severity. By default, the configured "time field" of the event will always be included in the issue response. If the user provides the value for "Exclude jira fields", then this field will be disabled
    Exclude jira fields The fields that you want to exclude from the jira issue response. Provide a comma-separated list of values. For example assignee, reporter, severity. If the user provides the value for "Include Jira fields", then this field will be disabled
    Time field This field will be used for making API Calls to fetch Jira issues. Default value: updated. It is recommended not to modify the default value. Please provide a single value here as this is not a multi-value field.
    Filter parameters You can provide Jira filter here as per JQL syntax, for example, labels="temp" AND summary ~ "temp". It is recommended that the time-related fields should not be included in the filters to avoid data collection discrepancies.
    Index Index in which you want to collect data

Please do not provide the same information in "exclude jira fields" and "time field" while configuring the input. For example: "Exclude Jira fields - created, priority, description" and "Time field - created". This will obstruct the checkpoint mechanism and data collection

Upon successful execution of the Jira Issues modinput, the add-on will collect Jira issues with all the fields associated with the issues. It will also include the custom fields that might not be important for the user, they can exclude those fields in the "Exclude jira fields" option while configuring the modular input

Last modified on 03 September, 2024
Set up Splunk Add-on for Jira Cloud   Configure Alert Actions for the Splunk Add-on for Jira Cloud

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters