The JIRA Cloud Audit Logs Add-On for Splunk uses the Jira REST API to fetch audit records from Jira and ingest them into Splunk.
This Add-on pulls data from the Jira REST API, querying the Audit records endpoint to fetch the audit records.
- Get the proper permission: the Jira Administrators global permission. Please follow the instructions here to set up the proper permission.
- Get your API token: Please follow the instructions here to create an API token. Copy it to the clipboard, then paste the token elsewhere to save it.
This Add-on can be installed in Splunk Enterprise and Splunk Cloud.
- Please follow the steps here to install the Add-on in a single-instance Splunk Enterprise deployment.
- Please follow the steps here to install the Add-on in a distributed Splunk Enterprise deployment.
- Please follow the steps here to install the Add-on in Splunk Cloud.
The configuration steps are common for Splunk Enterprise and Splunk Cloud. Please follow these steps in order:
- Open the Web UI for the Heavy Forwarder (or IDM).
- Access the TA from the list of applications.
- Configure the API Token.
  - Click on the Configuration button in the top left corner.
  - Click on the Add-on Settings button.
  - Enter the API Token.
    - API Token (required): Jira API Token.
  - Click on the green Save button.
- Create an input.
  - Click on the Inputs button in the top left corner.
  - Click on the Create New Input button in the top right corner.
  - Enter the following details in the pop-up box:
    - Name (required): Unique name for the data input.
    - Interval (required): Time interval of input in seconds.
    - Index (required): Index for storing data.
    - Base URL (required): The Base URL. Must start with "https". For example, https://your-domain.atlassian.net
    - username (required): Jira account Email Address.
    - Start Time (required): The date and time on or after which returned audit records must have been created. Format: YYYY-MM-DDThh:mm:ss
  - Click on the green Add button at the bottom right of the pop-up box.
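
How the input fields above map onto an audit-records request, as an added example that is not the Add-on's own code. It assumes the Jira Cloud REST API v3 path `/rest/api/3/auditing/record` with its `from`, `offset` and `limit` parameters and HTTP Basic authentication (account email plus API token); the function names are hypothetical.

```python
import base64
import json
import urllib.parse
import urllib.request
from datetime import datetime

AUDIT_PATH = "/rest/api/3/auditing/record"  # assumed Jira Cloud audit records endpoint


def validate_input(base_url, start_time):
    """Apply the input rules from the configuration form; return the URL root."""
    parts = urllib.parse.urlsplit(base_url)
    # Refuse anything but https so the API token never travels in cleartext.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("Base URL must start with https")
    # Start Time must parse as YYYY-MM-DDThh:mm:ss (raises ValueError otherwise).
    datetime.strptime(start_time, "%Y-%m-%dT%H:%M:%S")
    return f"https://{parts.netloc}"


def build_request(base_url, username, api_token, start_time, offset=0, limit=1000):
    """Build one authenticated GET for a page of audit records."""
    root = validate_input(base_url, start_time)
    query = urllib.parse.urlencode({"from": start_time, "offset": offset, "limit": limit})
    cred = base64.b64encode(f"{username}:{api_token}".encode()).decode()
    return urllib.request.Request(
        f"{root}{AUDIT_PATH}?{query}",
        headers={"Authorization": f"Basic {cred}", "Accept": "application/json"},
    )


def fetch_all(base_url, username, api_token, start_time, send=None, limit=1000):
    """Page through audit records; `send` is injectable for offline testing."""
    send = send or (lambda req: json.load(urllib.request.urlopen(req, timeout=30)))
    offset, records = 0, []
    while True:
        page = send(build_request(base_url, username, api_token, start_time, offset, limit))
        batch = page.get("records", [])
        records.extend(batch)
        offset += len(batch)
        # Stop on an empty page or once the reported total has been read.
        if not batch or offset >= page.get("total", 0):
            return records
```
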
- Tested for installation and basic ingestion on Splunk 8.2, 8.1, 8.0, and 7.3 using a Jira test account.
Built by Splunk's FDSE Team (#team-fdse).
- This Add-on was built via Splunk Add-On Builder.
- Yuan Ling
- Mayur Pipaliya