Thanks ashisagr-amzn,
I was able to ingest data to Jira.
Sharing with all, not to waste too much time on that:
Used DevTools -
- Create JIRA destination. You need to have token generated at your Jira system for authentication.
POST _opendistro/_alerting/destinations
{
“type”: “custom_webhook”,
“name”: “to_JIRA_API”,
“custom_webhook”: {
“header_params”: {
“Content-Type”: “application/json”,
“Authorization”: “Bearer MXCVXC@#XXXXXXXXXXXXXXXXX”
},
“scheme” : “HTTPS”,
“method” : “POST”,
“port” : 443,
“url” : “https://jira.website.com/rest/api/2/issue”,
“host” : “jira.website.com”
}
}
Sample output:
{
“_id” : “NkSWSH8Brhnq8E_9AIip”,
“_version” : 1,
“_seq_no” : 574,
“_primary_term” : 15,
“destination” : {
“id” : “”,
“type” : “custom_webhook”,
“name” : “DDI_JIRA_apis”,
“user” : {
“name” : “me”,
“backend_roles” : [
“i-role”
],
“roles” : [
“own_indexes”
],
“custom_attribute_names” : ,
“user_requested_tenant” : null
},
“schema_version” : 3,
“seq_no” : 0,
“primary_term” : 0,
“last_update_time” : 1646190264488,
“custom_webhook” : {
“path” : null,
“header_params” : {
“Authorization” : “Bearer MXCVXC@#XXXXXXXXXXXXXXXXX”,
“Content-Type” : “application/json”
},
“password” : null,
“scheme” : “HTTPS”,
“method” : “POST”,
“port” : 443,
“query_params” : { },
“host” : “jira.website.com”,
“url” : “https://jira.website.com/rest/api/2/issue”,
“username” : null
}
}
}
- Create monitor using ID (NkSWSH8Brhnq8E_9AIip - from above sample). It has two actions - email and Jira. For email ID check your destinations.
POST _opendistro/_alerting/monitors
{
“type”: “monitor”,
“name”: “Found text”,
“enabled”: true,
“schedule”: {
“period”: {
“interval”: 1,
“unit”: “HOURS”
}
},
“inputs”: [{
“search”: {
“indices”: [“logs*”],
“query”: {
“size”: 1,
“track_total_hits”:true,
“aggregations”: {},
“query”: {
“bool”: {
“filter”: [
{
"match_phrase": {
"message": "sample text"
}
} ,
{
"range": {
"@timestamp": {
"gt": "now-1h"
}
}
}]
}
}
}
}
}],
“triggers”: [{
“name”: “trigger-jira-email”,
“severity”: “1”,
“condition”: {
“script”: {
“source”: “ctx.results[0].hits.total.value > 0”,
“lang”: “painless”
}
},
“actions”: [
{
“name”: “Email action”,
“destination_id”: “YEEukX4Brhnq8E_9A53t”,
“message_template”: {
“source”: “Hello team,\n\nOpendistro Alert - text found!\n\nHere are the details for the last 1 hour period:\n- Monitor Name: {{ctx.monitor.name}}\n- Log count: {{ctx.results.0.hits.total.value}} ({{ctx.results.0.hits.hits.0._source.hostname-ip}})\n- Period start: {{ctx.periodStart}}\n- Period end: {{ctx.periodEnd}}\n\nBest regards,\nNet-Team”
},
“throttle_enabled”: false,
“throttle”: {
“value”: 10,
“unit”: “MINUTES”
},
“subject_template”: {
“source”: “For the last 1 hour period, found sample text from source {{ctx.results.0.hits.hits.0._source.hostname}}”
}
},
{
“name”: “Jira action”,
“destination_id”: “NkSWSH8Brhnq8E_9AIip”,
“message_template”:{
“source”: “”“{ “fields”: { “project”:{“key”: “NET”},“summary”: “For the last 1 hour period, found sample text from source {{ctx.results.0.hits.hits.0._source.hostname}}”,“description”: “Hello team,\n\nOpendistro Alert - text found!\n\nHere are the details for the last 1 hour period:\n- Monitor Name: {{ctx.monitor.name}}\n- Log count: {{ctx.results.0.hits.total.value}} ({{ctx.results.0.hits.hits.0._source.hostname-ip}})\n- Period start: {{ctx.periodStart}}\n- Period end: {{ctx.periodEnd}}\n\nBest regards,\nNet-Team”,“issuetype”: {“name”: “Support”},“customfield_119”: {“id”: “137”} } }”“”
},
"throttle_enabled": false,
"throttle": {
"value": 10,
"unit": "MINUTES"
}
}]
}]
}
- Execute to get results:
POST _opendistro/_alerting/monitors/ID_from_above_result/_execute
Regards/emil