Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I capture in the below format?

sidtalup27
Explorer
‎12-05-2022 06:19 AM

Hello,

We are trying to build a dashboard for Incident SLA compliance.
The data is ingested from JIRA. Tickets are created in JIRA, and Splunk retrieves the information frequently. At this point in time, the concerned fields for me are the Ticket Number and Creation Time. However, when an existing Ticket in JIRA is updated, the new values in Splunk are updated on the existing values. Hence, I lose the previously captured, in this case, I miss out on Creation time, and the same field is updated with New Time. How can I capture in the below format? Please advise.

Ticket Number, Creation Time, Updated Time.

--
Thanks,
Siddarth

Labels (2)
0 Karma
Reply

sidtalup27
Explorer
‎12-05-2022 06:34 AM

@gcusello, can you please elaborate? My objective is to create a table of events for a key field, considering INDEX and SOURCETYPE are same.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎12-05-2022 08:05 AM

Hi @sidtalup27,

I don't know how you collect Jira data, anyway, instead saving them in a lookup save them in a summary index using the collect command so you'll have progressive events with timestamp, the correlation key and the status, so you can display these indormation in a table.

I cannot be more precise because I don't know how you populate the lookup.

Ciao.

Giuseppe

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎12-05-2022 06:23 AM

Hi @sidtalup27,

don't use a lookup to save data extracted from Jira, but a summary index so you have also the timestamp information.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...