Configure inputs for the Splunk Add-on for Jira Cloud

Configure Jira Audit input for the Splunk Add-on for Jira Cloud

Perform the following steps to configure Jira Audit input for the Splunk Add-on for Jira Cloud:

1. In Splunk Web, go to the Splunk Add-on for Jira Cloud, either by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Jira Cloud.
2. Click the Inputs tab.
3. Click Create New Input and select Jira Audit.

4. Enter the following information:

   • API token - Select the API token you have created. See Configure credentials for Splunk Add-on for Jira Cloud.
   • Name - A name for the new input.

   • UTC Start Time - The date and time on or after which returned audit records must have been created.

     Jira Cloud audit records are limited by retention period as described in https://support.atlassian.com/jira-cloud-administration/docs/audit-activities-in-jira-applications/#AuditinginJiraapplications-Editauditlogsettings.

     Format: YYYY-MM-DDThh:mm:ss

     This field is optional. If not defined, the initial checkpoint is the first time that the input is run.

   • Interval - How often, in seconds, the Splunk platform calls the API to collect data.

   • Index - The index in which the Splunk Platform stores events from Jira Cloud. The default is Main.

Configure Jira Issues input to fetch Issues from the Jira Cloud instance using Splunk Add-on for Jira Cloud

Perform the following steps to configure Jira Issues input to fetch Issues from the Jira Cloud instance using Splunk Add-on for Jira Cloud:

1. In Splunk Web, go to the Splunk Add-on for Jira Cloud.
2. Click the Inputs tab.
3. Click Create New Input and select Jira Issues.
4. Enter the following information:

• API token - Select the API token you have created. See Configure credentials for Splunk Add-on for Jira Cloud.
• Name - A name for the new input.
• Projects - After you select API Token, the multi-select list will be populated depending on the projects available in the Jira Cloud instance

• UTC Start Date - UTC Date from which the user wants to start fetching the Jira issues.

  The field uses the following format `YYYY-MM-DD hh:mm`.
  
  The default start date value is 30 days ago in UTC.
  

• Interval - The input polling interval, in seconds.

• Include jira fields - The fields that you want to include in the jira issue response.

  Provide a comma-separated list of values. For example: `assignee`, `reporter`, `severity`.
  
  By default, the configured `time field` of the event is always included in the issue response..
  
  Only the specified values are included in the Jira issue response and ingested in Splunk.
  
  By default, all fields are fetched in Jira issue response, except for `comment`, `attachment`, `worklog`, `timetracking`, and `issuerestriction`.
  
  Excluded fields mentioned in this section can still be fetched and ingested in Splunk if they are specified in `Include jira fields`.
  
  If the user provides the value for "Exclude jira fields", then this field is disabled.
  

• Exclude jira fields - The fields that you want to exclude from the jira issue response.

  Provide a comma-separated list of values. For example: `assignee`, `reporter`, `severity`.
  
  If you provide the value for `Include Jira fields`, then this field is disabled.
  

• Time field - This field will be used for making API Calls to fetch Jira issues.

  Default value: *updated*. Do not to modify the default value. This is not a multi-value field, provide a single value.
  

• Filter parameters - You can provide Jira filter here as per JQL syntax, for example, labels=”temp” AND summary ~ “temp”.

  To avoid data collection discrepancies, do not include the time-related fields in the filters.
  

• Index - Index in which you want to collect data.

Note

Do not provide the same information in exclude jira fields and time field while configuring the input. For example: Exclude Jira fields - created, priority, description and Time field - created. This will obstruct the checkpoint mechanism and data collection

Upon successful execution of the Jira Issues modinput, the add-on collects Jira issues with all the fields associated with the issues. It also includes the custom fields that might not be important for you. You can exclude those fields in the Exclude jira fields” option while configuring the modular input.

Configure Jira Users input for the Splunk Add-on for Jira Cloud

Perform the following steps to configure Jira Users input for the Splunk Add-on for Jira Cloud:

1. In Splunk Web, go to the Splunk Add-on for Jira Cloud. You can either click the name of this add-on on the left navigation banner or go to Manage Apps, and then click Launch App in the row for the Splunk Add-on for Jira Cloud.
2. Click the Inputs tab.
3. Click Create New Input and select Jira Users.
4. Enter the following information:

• API token - Select the API token you have created. See Configure credentials for Splunk Add-on for Jira Cloud.
• Name - A name for the new input.
• Interval - The input polling interval, in seconds.
• Index - Index in which you want to collect data.