Collect Logs for the Jira Cloud App
This page provides instructions for configuring log collection for the Jira Cloud App. Click a link to jump to a section:
- Collection Overview
- Step 1: Configure Hosted Collector to Receive Webhooks
- Step 2: Register Webhook in Jira
- Sample Log Messages
- Query Example
Collection Overview
Configuring log collection consists of the following tasks:
- Configuring a Hosted Collector in Sumo Logic to receive Jira Cloud Events: A Hosted Collector is installed to receive the Webhooks from Jira. The Webhooks configuration helps to notify the app or web application when certain events occur in Jira. Using the Webhooks the remote applications do not have to monitor whether changes have occurred
- Registering a Webhook in Jira Cloud: Webhooks are registered in Jira for various events by Jira administration console or Jira REST API methods. These Webhooks can be used as an alert to the remote application when the issues are updated or sprints are started.
For more information, please see the documentation for Webhooks in Jira Cloud.
Step 1: Configure Hosted Collector to Receive Webhooks
In this step, you create a host collector to receive Webhooks from Jira and set up an HTTP source on it.
-
Configure a Hosted Collector, or select an existing hosted collector for the HTTP source.
-
Configure an HTTP source on the hosted collector.
-
For Source Category, specify jira_cloud/events.
-
Make a note of the HTTP address for the source. You will supply it when you configure a Jira Webhook in the next step.
-
Step 2: Register Webhook in Jira
Follow the instructions on Webhooks in Jira help to register a Webhook for the following events:
Issue Related Events:
- Issue
- created
- updated
- deleted
- Comment
- created
- updated
- deleted
- Attachment
- created
- deleted
- Worklog
- created
- updated
- deleted
- Entity property
- created or updated
- deleted
- Issue link
- created
- deleted
Project-related Events
- Version
- released
- unreleased
- created
- moved
- updated
- merged
- deleted
- Project
- created
- updated
- deleted
User Related Events
- User
- created
- deleted
- updated
Jira Configuration Related Events
- Features status change (enabled/disabled)
- voting
- watching
- unassigned issues
- subtasks
- attachments
- issue links
- time tracking
- time tracking provider
Jira Software Related Events
- Board
- created
- deleted
- updated
- configuration changed
Sprint Events
- Sprint
- created
- deleted
- updated
- started
- closed
When you configure the Webhook, enter the URL for the HTTP source you created in Step 2 as the endpoint for the Webhook.
Sample Log Messages
For more information about log messages, see Sample Log for Jira Cloud.
Query Example
This section provides a sample query from the Unassigned Issues panel on the Jira Cloud - Issue Details dashboard.
Parameters
- Issue:*
- Issue_Summary:*
Query String
_sourceCategory="jira_cloud" *issue* | json field=_raw "webhookEvent", "issue_event_type_name", "changelog", "issue.fields.creator.displayName", "issue.self", "issue.key", "timestamp", "issue.fields.issuetype.name", "issue.fields.status.name", "issue.fields.resolution.name", "issue.fields.project.name", "issue.fields.status.statusCategory.name", "user.active", "issue.fields.assignee.displayName", "issue.fields.summary", "issue.fields.priority.name", "issue.fields.components", "issue.fields.labels" as event_name, event_type, change_log, issue_creator, jira_self, issue_key, timestamp, type, status, resolution, project_name, status_category, is_active, issue_assignee, issue_summary, priority, components, labels nodrop | where project_name matches "*" AND issue_key matches "*" AND type matches "*" AND priority matches "*" AND status_category matches "*" AND status matches "*" | isNull(issue_assignee) ? "Unassigned" : issue_assignee as issue_assignee | parse regex field=labels "\"(?<label>[\S]+?)\"" multi nodrop | parse regex field=components "\"name\":\"(?<component>[\S]+?)\"" multi nodrop | where component matches "*" and label matches "*" | json field=change_log "items" as changes nodrop | formatDate(fromMillis(timestamp), "MM-dd-yyyy HH:mm:ss", "UTC") as date_time | parse regex field=jira_self "https:\/\/(?<base_url>.*?)\/" | concat("https://",base_url,"/browse/", issue_key) as issue_url | tourl(issue_url, issue_key) as issue | withtime issue_assignee | most_recent(issue_assignee_withtime) as user by issue, issue_summary | where user="Unassigned" | count as count by issue, issue_summary | fields - count