Sending alerts to Jira, creating ticket

Thanks ashisagr-amzn,
I was able to ingest data into Jira.
Sharing with all, so nobody wastes too much time on that.
Used Dev Tools:

  1. Create the JIRA destination. You need to have a token generated at your Jira system for authentication.
    POST _opendistro/_alerting/destinations
    {
      "type": "custom_webhook",
      "name": "to_JIRA_API",
      "custom_webhook": {
        "header_params": {
          "Content-Type": "application/json",
          "Authorization": "Bearer MXCVXC@#XXXXXXXXXXXXXXXXX"
        },
        "scheme": "HTTPS",
        "method": "POST",
        "port": 443,
        "url": "https://jira.website.com/rest/api/2/issue",
        "host": "jira.website.com"
      }
    }

Sample output:
{
  "_id" : "NkSWSH8Brhnq8E_9AIip",
  "_version" : 1,
  "_seq_no" : 574,
  "_primary_term" : 15,
  "destination" : {
    "id" : "",
    "type" : "custom_webhook",
    "name" : "DDI_JIRA_apis",
    "user" : {
      "name" : "me",
      "backend_roles" : [
        "i-role"
      ],
      "roles" : [
        "own_indexes"
      ],
      "custom_attribute_names" : [ ],
      "user_requested_tenant" : null
    },
    "schema_version" : 3,
    "seq_no" : 0,
    "primary_term" : 0,
    "last_update_time" : 1646190264488,
    "custom_webhook" : {
      "path" : null,
      "header_params" : {
        "Authorization" : "Bearer MXCVXC@#XXXXXXXXXXXXXXXXX",
        "Content-Type" : "application/json"
      },
      "password" : null,
      "scheme" : "HTTPS",
      "method" : "POST",
      "port" : 443,
      "query_params" : { },
      "host" : "jira.website.com",
      "url" : "https://jira.website.com/rest/api/2/issue",
      "username" : null
    }
  }
}

  2. Create the monitor using the destination ID (NkSWSH8Brhnq8E_9AIip in the sample above). It has two actions, email and Jira. For the email destination ID, check your destinations.

POST _opendistro/_alerting/monitors
{
  "type": "monitor",
  "name": "Found text",
  "enabled": true,
  "schedule": {
    "period": {
      "interval": 1,
      "unit": "HOURS"
    }
  },
  "inputs": [{
    "search": {
      "indices": ["logs*"],
      "query": {
        "size": 1,
        "track_total_hits": true,
        "aggregations": {},
        "query": {
          "bool": {
            "filter": [
              {
                "match_phrase": {
                  "message": "sample text"
                }
              },
              {
                "range": {
                  "@timestamp": {
                    "gt": "now-1h"
                  }
                }
              }
            ]
          }
        }
      }
    }
  }],
  "triggers": [{
    "name": "trigger-jira-email",
    "severity": "1",
    "condition": {
      "script": {
        "source": "ctx.results[0].hits.total.value > 0",
        "lang": "painless"
      }
    },
    "actions": [
      {
        "name": "Email action",
        "destination_id": "YEEukX4Brhnq8E_9A53t",
        "message_template": {
          "source": "Hello team,\n\nOpendistro Alert - text found!\n\nHere are the details for the last 1 hour period:\n- Monitor Name: {{ctx.monitor.name}}\n- Log count: {{ctx.results.0.hits.total.value}} ({{ctx.results.0.hits.hits.0._source.hostname-ip}})\n- Period start: {{ctx.periodStart}}\n- Period end: {{ctx.periodEnd}}\n\nBest regards,\nNet-Team"
        },
        "throttle_enabled": false,
        "throttle": {
          "value": 10,
          "unit": "MINUTES"
        },
        "subject_template": {
          "source": "For the last 1 hour period, found sample text from source {{ctx.results.0.hits.hits.0._source.hostname}}"
        }
      },
      {
        "name": "Jira action",
        "destination_id": "NkSWSH8Brhnq8E_9AIip",
        "message_template": {
          "source": """{ "fields": { "project": {"key": "NET"}, "summary": "For the last 1 hour period, found sample text from source {{ctx.results.0.hits.hits.0._source.hostname}}", "description": "Hello team,\n\nOpendistro Alert - text found!\n\nHere are the details for the last 1 hour period:\n- Monitor Name: {{ctx.monitor.name}}\n- Log count: {{ctx.results.0.hits.total.value}} ({{ctx.results.0.hits.hits.0._source.hostname-ip}})\n- Period start: {{ctx.periodStart}}\n- Period end: {{ctx.periodEnd}}\n\nBest regards,\nNet-Team", "issuetype": {"name": "Support"}, "customfield_119": {"id": "137"} } }"""
        },
        "throttle_enabled": false,
        "throttle": {
          "value": 10,
          "unit": "MINUTES"
        }
      }
    ]
  }]
}

  3. Execute the monitor to get results:
    POST _opendistro/_alerting/monitors/ID_from_above_result/_execute

Regards/emil

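A few practical notes on the recipe above, followed by an added example that is not the poster's code and not part of the Open Distro Alerting plugin. The `"""…"""` wrapper around the Jira action's `message_template` is Kibana Dev Tools raw-string syntax; outside Dev Tools (curl, a provisioning script) that value has to be a normal JSON-escaped string, which is easy to get wrong by hand. The sample output also shows that reading a destination back returns its `header_params`, so the Jira token is readable by anyone who can read alerting destinations: use a dedicated Jira account that can only create issues in the target project. Finally, values such as `{{ctx.results.0.hits.hits.0._source.hostname}}` come from log data; if a field contains a double quote or newline and is substituted without escaping, it can break the Jira body or add fields to it. The script below builds the destination and monitor bodies as Python dicts (so `json.dumps` does the quoting), then renders the Jira template against a constructed alert context with a stand-in renderer that JSON-escapes substituted values, and parses the result as Jira would. Whether the plugin's own mustache rendering escapes into JSON is not something this example can confirm; checking that the rendered body parses is the check to run before pointing the webhook at a real Jira. `jira.website.com`, project `NET`, issue type `Support` and the sample context are assumptions; the site-specific `customfield_119` is left out.

```python
"""Dry run of the alerting objects from the post above (added example, not the
poster's code and not part of the Open Distro Alerting plugin). Assumes Jira
Server REST v2 at jira.website.com, project "NET", issue type "Support"; the
alert context and the placeholder renderer are constructed here."""
import json
import re

JIRA_HOST = "jira.website.com"   # assumed, as in the post


def destination_body(token: str) -> dict:
    """POST _opendistro/_alerting/destinations body. The token is stored in the
    destination and echoed back on read, so use a dedicated Jira account that
    can only create issues in the target project."""
    return {"type": "custom_webhook", "name": "to_JIRA_API", "custom_webhook": {
        "header_params": {"Content-Type": "application/json",
                          "Authorization": f"Bearer {token}"},
        "scheme": "HTTPS", "method": "POST", "port": 443, "host": JIRA_HOST,
        "url": f"https://{JIRA_HOST}/rest/api/2/issue"}}


# Jira issue body with mustache placeholders, kept as a dict so json.dumps does
# the quoting instead of hand-escaping the template string in Dev Tools.
JIRA_TEMPLATE = {"fields": {
    "project": {"key": "NET"},
    "summary": "Found sample text from source {{ctx.results.0.hits.hits.0._source.hostname}}",
    "description": ("Monitor: {{ctx.monitor.name}}\n"
                    "Log count: {{ctx.results.0.hits.total.value}}\n"
                    "Period: {{ctx.periodStart}} to {{ctx.periodEnd}}"),
    "issuetype": {"name": "Support"}}}


def monitor_body(jira_destination_id: str) -> dict:
    """POST _opendistro/_alerting/monitors body with one Jira action."""
    search = {"indices": ["logs*"], "query": {
        "size": 1, "track_total_hits": True,
        "query": {"bool": {"filter": [{"match_phrase": {"message": "sample text"}},
                                      {"range": {"@timestamp": {"gt": "now-1h"}}}]}}}}
    action = {"name": "Jira action", "destination_id": jira_destination_id,
              "message_template": {"source": json.dumps(JIRA_TEMPLATE)},
              "throttle_enabled": True,   # one ticket per 10 minutes, not one per run
              "throttle": {"value": 10, "unit": "MINUTES"}}
    return {"type": "monitor", "name": "Found text", "enabled": True,
            "schedule": {"period": {"interval": 1, "unit": "HOURS"}},
            "inputs": [{"search": search}],
            "triggers": [{"name": "trigger-jira", "severity": "1",
                          "condition": {"script": {"source": "ctx.results[0].hits.total.value > 0",
                                                   "lang": "painless"}},
                          "actions": [action]}]}


_PLACEHOLDER = re.compile(r"\{\{\s*([\w.\-]+)\s*\}\}")


def _lookup(root, path: str) -> str:
    """Resolve a dotted path such as ctx.results.0.hits.total.value."""
    cur = root
    try:
        for part in path.split("."):
            cur = cur[int(part)] if isinstance(cur, list) else cur[part]
    except (KeyError, IndexError, ValueError, TypeError):
        return ""                     # unresolved placeholder renders empty
    return str(cur)


def render(source: str, ctx: dict) -> str:
    """Constructed stand-in for the plugin's mustache rendering: substitute
    {{ctx.a.0.b}} placeholders, JSON-escaping each value so a hostname or log
    field containing quotes or newlines cannot break or extend the Jira body."""
    return _PLACEHOLDER.sub(
        lambda m: json.dumps(_lookup({"ctx": ctx}, m.group(1)))[1:-1], source)


def trigger_fires(ctx: dict) -> bool:
    """Same test as the painless condition: any hit in the last period."""
    return ctx["results"][0]["hits"]["total"]["value"] > 0


def dry_run_jira_payload(ctx: dict) -> dict:
    """Render the Jira template against ctx and parse it as Jira would;
    raises ValueError if the rendered body is not valid JSON."""
    return json.loads(render(json.dumps(JIRA_TEMPLATE), ctx))


# Constructed alert context shaped like the plugin's ctx; the hostname carries
# a double quote on purpose to exercise the escaping.
SAMPLE_CTX = {
    "monitor": {"name": "Found text"},
    "periodStart": "2022-03-02T03:00:00Z", "periodEnd": "2022-03-02T04:00:00Z",
    "results": [{"hits": {
        "total": {"value": 3, "relation": "eq"},
        "hits": [{"_source": {"hostname": 'rtr-01 "edge"', "message": "sample text"}}]}}]}

if __name__ == "__main__":
    if trigger_fires(SAMPLE_CTX):
        print(json.dumps(dry_run_jira_payload(SAMPLE_CTX), indent=2))
```

Run it as-is to see the issue body Jira would receive for the constructed context; to provision for real, POST `destination_body(token)` and `monitor_body(destination_id)` to the two endpoints from the post with the Elasticsearch client of your choice, and keep the token out of the script (environment variable or secret store).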