guilhemmarchand / TA-jira-service-desk-simple-addon

Atlassian JIRA add-on for Splunk alert actions

How To Fill Jira Date/Time Custom Field With Splunk Trigger Date/Time OR Jira Creation Date/Time? #191

Open AJiraDude opened 4 months ago

AJiraDude commented 4 months ago

Hi there. We've been trying out this plug in and have gotten some great results with it, thank you! We currently face a challenge with trying to pass a date/time value from Splunk to Jira. The Jira Date/Time Custom Field is in the following format: 2024-04-21 11:00PM.

We've tried the following codes with no success so far:

The issue we're seeing in Splunk log is suggesting "Error Parsing Time" and we aren't quite sure what's the proper formatting to use for Jira to accept this value. Would you be able to provide some insight on this issue if possible?

Thank you so much!

guilhemmarchand commented 4 months ago

Hi @AJiraDude

Based on JIRA REST API ref: https://developer.atlassian.com/server/jira/platform/jira-rest-api-examples/#creating-an-issue-examples

DatePickerField

"customfield_10002": "2011-10-03"

The format is: YYYY-MM-DD

DateTimeField

"customfield_10003": "2011-10-19T10:29:29.908+1100"

This format is ISO 8601: YYYY-MM-DDThh:mm:ss.sTZD

If we are talking about the datetime picker:

So if I create a custom field to store a date and time in JIRA:

Ex alert:

| makeresults
| eval user=md5(_time), action="failed", message="Test custom field"
| eval issue_created=strftime(_time, "%Y-%m-%dT%H:%M:%S.%3N%z")

Then:

AJiraDude commented 4 months ago

Hi there! Thank you so much for taking your time to reply to me! The information you provided is quite insightful, but I'm not sure if I fully grasp it atm. If you don't mind, I'd like to provide a bit more information to make sure we're on the same page:

Using the Integration UI, I was able to populate 2 custom fields by putting the following code in the "custom fields structure" field: "customfield_10000": [ {"value": "Other" }, {"value": "Other" }], "customfield_10001": "Hello World!"

However, I'm having an issue to also have the custom date field picker generated using Jira's Created Date field value using the following code: "customfield_10000": [ {"value": "Other" }, {"value": "Other" }], "customfield_10001": "Hello World!", "customfield_10002": "(issue.created)"

Please see below for a screenshot of what I'm seeing (green is what's successful so far, red is what I can't get working but would like to see working):

While I do see that you have "Issue_created" field filled out, I'm not sure if I'm supposed to put "| eval issue_created=strftime(_time, "%Y-%m-%dT%H:%M:%S.%3N%z")" into the custom fields structure field to generate that?

Sorry for the trouble and I appreciate any additional insight you may have!

guilhemmarchand commented 4 months ago

@AJiraDude

You are welcome.

> While I do see that you have "Issue_created" field filled out, I'm not sure if I'm supposed to put "| eval issue_created=strftime(_time, "%Y-%m-%dT%H:%M:%S.%3N%z")" into the custom fields structure field to generate that?

Yes, you need to send the format that is expected by the JIRA REST API. In the case of the datetime custom field, it expects a specific ISO time format, as mentioned in my response. Therefore, when sending your alert in Splunk, you need to use SPL to format the field data accordingly.

Guilhem

AJiraDude commented 3 months ago

Hi Guilhem. Thank you for the input so far. I've been working with my Splunk admin on this and we still can't quite seem to figure this out. We've tried the following format that we think is expected by JIRA REST API in Splunk format with no success so far (all showing formatting parsing error):

  1. customfield_10002" : "%Y-%m-%dT%H:%M:%S.%3N%z"
  2. "customfield_10002" : "%m-%d-%YT%H:%M:%S.%3N%z"
  3. "customfield_10002" : "%Y-%m-%dT%H:%M:%S"
  4. "customfield_10002" : "%Y-%m-%dT%H:%M"
  5. "customfield_10002" : "%m-%d-%YT%H:%M "
  6. "customfield_10002" : "_time, "%Y-%m-%dT%H:%M:%S.%3N%z""
  7. "customfield_10002" : "%Y-%m-%dT%H:%M:%S"
  8. "customfield_10002" :strftime(_time, "%Y-%m-%dT%H:%M:%S.%3N%z")
  9. "customfield_10002"=strftime(_time, "%Y-%m-%dT%H:%M:%S.%3N%z")
  10. "customfield_10002" : "YYYY-MM-DDThh:mm:ss.sTZD"
  11. "customfield_10002"=strftime(_time, "%Y-%m-%dT%H:%M:%S.%3N%z")

We've also been referencing this guide to get more clues: https://docs.splunk.com/Documentation/Splunk/9.2.1/SearchReference/Commontimeformatvariables

Would you kindly guide us a bit more on this and if it's possible to incorporate this hint (or an example) into your guide so it's easier for us to follow? Sorry for the limited experience on my end as I'm primarily a Jira administrator. Thank you for your time...
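
Added example (not part of the thread and not the add-on's own code): a Python check that tells apart a custom fields structure Jira can parse from the attempts listed above. It assumes the structure is a list of JSON object members and that the formatted search field is referenced with a Splunk `$result.issue_created$` token; the function names are hypothetical.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# DateTimeField format quoted in the thread: YYYY-MM-DDThh:mm:ss.sTZD
JIRA_DATETIME = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{1,3}[+-]\d{4}")
TOKEN = re.compile(r"\$result\.(\w+)\$")  # Splunk alert-action result token


def splunk_to_jira_datetime(epoch, utc_offset_minutes=0):
    """Mirror SPL strftime(_time, "%Y-%m-%dT%H:%M:%S.%3N%z") for a given offset."""
    millis = round(epoch * 1000)  # integer milliseconds avoid float drift
    tz = timezone(timedelta(minutes=utc_offset_minutes))
    dt = datetime.fromtimestamp(millis // 1000, tz)
    return f"{dt:%Y-%m-%dT%H:%M:%S}.{millis % 1000:03d}{dt:%z}"


def check_custom_fields(structure, result, datetime_fields):
    """Return {field: problem} for a custom fields structure fragment.

    Assumption: the fragment is a list of JSON object members and each
    $result.<field>$ token is replaced by that field of the search result.
    """
    expanded = TOKEN.sub(lambda m: str(result.get(m.group(1), "")), structure)
    try:
        fields = json.loads("{" + expanded + "}")
    except json.JSONDecodeError as exc:
        return {"<structure>": f"not valid JSON: {exc.msg}"}
    problems = {}
    for name in datetime_fields:
        value = fields.get(name)
        if not isinstance(value, str) or not JIRA_DATETIME.fullmatch(value):
            problems[name] = f"not YYYY-MM-DDThh:mm:ss.sTZD: {value!r}"
            continue
        try:  # reject well-shaped but impossible dates such as month 13
            datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")
        except ValueError as exc:
            problems[name] = str(exc)
    return problems


if __name__ == "__main__":
    # Constructed sample row: what the alert search would hand to the action.
    row = {"issue_created": splunk_to_jira_datetime(1318980569.908, 660)}
    for fragment in (
        '"customfield_10002": "$result.issue_created$"',
        '"customfield_10002" : "%Y-%m-%dT%H:%M:%S.%3N%z"',
        '"customfield_10002"=strftime(_time, "%Y-%m-%dT%H:%M:%S.%3N%z")',
    ):
        print(fragment, "->", check_custom_fields(fragment, row, ["customfield_10002"]) or "ok")
```

The `strftime` call belongs in the alert search (`| eval issue_created=...`), so that only the resulting value reaches the custom fields structure.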