firebus / splunk-jira Goto Github PK

I checked jira.py and jira_soap.py, and found jura_soap.py didn't get key set and customFields from jira.conf as jira.py
As a result, only those hardcoded fields will be put in table.

I saw a TODO comment in jira_soap.py.

Could you please enhance that part? The JIRA system I use have many customized fields, and only can be called via SOAP API.

If you don't have leisure time to fix this, then I have to fork this and change jira_soap.py from time to time. That'll be a quick and dirty solution.

Thank you in advanced.

Per http://www.georgestarcher.com/2014/02/16/splunk-alert-scripts-automating-control/

Create a new JIRA Issue from a Splunk search.

• User selects a workflow/menu item next to an event to create an issue
• Issue summary is pre-filled and description contains link to search and text of event
• User fills out the rest of the fields before creating the JIRA
• If it's not possible to open the JIRA create issue form with fields pre-filled, we'd need to implement the form in the Splunk UI

In the SearchXML response, there are separate sets of inbound and outbound links. There are also different kinds of links. We should merge links into a single multi-value field, and find a way to represent the type, direction, and target.

Done in new Rest Command.

Fields like links, subtasks, etc. have a nested representation in SearchXML's response format. In order to target them, we need to add an xpath to the configuration. e.g.

keys = labels/label, subtasks/subtask

Let's find a way to abbreviate these fields in the output, or to alias xpaths to field names in some general way

It should be possible to pipe search results into a comment on an existing JIRA Issue

Not able to find "Assignment Time" and "Time to resolution" which is present in the SLA fields in the result events in splunk after running the jqlsearch in splunk. Why we are not getting these fields and how to get them in splunk.

I checked the script and found the url being formed is
https://jira.lufthansa.com/rest/api/2/search?jql=comment%20~%20%22Nimish%20Kumar%22%20AND%20resolved%20%3E%3D%20-12w
which is working fine but the jqlquey search in splunk is not working.

the url formed is working

Could you please tell why the search from splunk is not giving ny result

So that we don't have to wait forever to start seeing results when there are >1000 Issues returned

the functionality in jira.py doesn't seem to work. I get a correct number of results but no fields.

jira and jirasoap both the the _raw field in their result rows, so that if you run the 'events' version of the command, you have something to look at in the events

however, when _raw is set and you collect results in a summary index, the summary index ignores the existing fields, and re-parses _raw instead.

if we want to set _raw, we need to make is parseable - which is actually a little annoying for things like multivalue fields. it would be nice if intersplunk.outputResults would return directly instead of writing to file. maybe there's some way to make python do this that i'm missing.

in an case, this bug is to remove the _raw field entirely, and we'll open a separate issue to add a working _raw field.

I'm trying to set this up and I keep getting command="jirasoap", <urlopen error [Errno 111] Connection refused>. I can log in using curl from that Splunk machine, so the only thing I can think of is that this app is not compatible with Jira 6.0.

When passing queries that contain characters that should be encoded (#,$,%) the queries will fail due to improper handling.

Reported originally in #13, spinning off a separate Issue/Bug for this.

Currently _time is set to now() when events/results are created. Some folks might want _time set to the updated or created fields. Let's add an option to the command to support setting _time to some other time field in the Issue

And then deprecate the SOAP and SearchXML interfaces.

Using the changelog command on a Jira issue which contains one or more changelog entries without an author will cause the changelog command to return 0 results:

| jira changelog key=SPL-128702

The above-mentioned Jira issue contains multiple entries in the changelog which show up in Jira as: Anonymous made changes...

When running the above command, these errors were observed in search.log:

03-22-2017 16:39:36.659 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/jira/bin/jira_rest.py changelog key=SPL-128702':  Traceback (most recent call last):
03-22-2017 16:39:36.659 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/jira/bin/jira_rest.py changelog key=SPL-128702':    File "/opt/splunk/etc/apps/jira/bin/jira_rest.py", line 440, in <module>
03-22-2017 16:39:36.659 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/jira/bin/jira_rest.py changelog key=SPL-128702':      row['user'] = field['author']['name']
03-22-2017 16:39:36.659 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/jira/bin/jira_rest.py changelog key=SPL-128702':  KeyError: 'author'
03-22-2017 16:39:36.669 WARN  ScriptRunner - Killing script, probably timed out, grace=0sec, script="/opt/splunk/bin/python /opt/splunk/etc/apps/jira/bin/jira_rest.py changelog key=SPL-128702"

Previous version would return a Reporter name, Status name etc., overhaul of jira_rest.py now returns what seems an exhaustive set of properties for each field ( the reporter's id, path for icon, icon size etc).

While these things might be useful in some cases (hard to imagine where the icon size would be relevant, but who knows), the real issue is that the resulting row passed to the search results is a combination of correctly structured json with incorrectly structured json, at least to the extent that splunk can't parse it. We get the Reporter field being what looks like a json object, but are unable to directly access the sub-objects. I.E., Reporter.displayName.

Also, list objects, like the labels field, should be MV fields in the result event.

This was due to erroneous evaluation of list type where an implicit "If" statement caused the ignoring of other label fields than "Labels". Corrected in new Rest Version.

I'm not being deliberately obtuse :), but I am not getting any data from the search job. I've installed the app on my search head, opened my FW to the Jira server from my search head, but I don't see any data coming into the search. Where do I need to install this app?

Thanks

Suppose I should elaborate:
on my search head I've got $SPLUNK_HOME/etc/apps/jira/local/jira.conf & $SPLUNK_HOME/etc/apps/jira/bin/config.ini, w/ my local Jira config (host, username, port, so on).
I can telnet lira.domain.com 80 from the search head where I've installed the app. However, I'm getting Connection failed under status monitoring for the Jira server.

Are these typos intentional?

This is a JIRA Add-on for Splunk.

Download from http://www.gitub.com/firebus/splunk-jira (gitub)
Upgoat at http://splunkbase.splunk.com/apps/JIRA (Upgoat)

(I got a good crack out of upgoat :-). That should be a verb if it isn't already.)

In environments where performance is a concern the maximum number of results is far less than 1000. In environments performance cap may be set to 100 results.

If would be on line 253 or similar where reading the response header would be require.

This may allow us to inject events into an existing stream of events.

The _raw field needs to be parseable - which includes line returns between values of a multi-value fields. In essence, we'll have to duplicate the formatting of intersplunk.outputResults.