Collect Logs for the Jira Cloud App

This page provides instructions for collecting logs for the Sumo App for Jira Cloud.

Collection Overview

Configuring log collection consists of the following tasks:

  • Configuring a Hosted Collector in Sumo Logic to receive Jira Cloud events: A Hosted Collector is set up to receive the Webhooks from Jira. Webhooks notify an app or web application when certain events occur in Jira, so remote applications do not have to monitor Jira for changes.
  • Registering a Webhook in Jira Cloud: Webhooks are registered in Jira for various events through the Jira administration console or the Jira REST API. These Webhooks can alert the remote application when issues are updated or sprints are started.

For more information, please see the documentation for Webhooks in Jira Cloud.

Step 1: Configure Hosted Collector to Receive Webhooks

In this step, you create a Hosted Collector to receive Webhooks from Jira and set up an HTTP source on it.

  1. Configure a Hosted Collector, or select an existing hosted collector for the HTTP source.

  2. Configure an HTTP source on the hosted collector.

    • For Source Category, specify jira_cloud/events.

    • Make a note of the HTTP address for the source. You will supply it when you configure a Jira Webhook in the next step.

Follow the instructions on Webhooks in Jira help to register a Webhook for the following events:

Issue Related Events

  • Issue
    • created
    • updated
    • deleted
  • Comment
    • created
    • updated
    • deleted
  • Attachment
    • created
    • deleted
  • Worklog
    • created
    • updated
    • deleted
  • Entity property
    • created or updated
    • deleted
  • Issue link
    • created 
    • deleted

Project-related Events

  • Version
    • released
    • unreleased
    • created
    • moved
    • updated
    • merged
    • deleted
  • Project
    • created
    • updated
    • deleted

User Related Events

  • User
    • created
    • deleted
    • updated

Jira Configuration Related Events

  • Features status change (enabled/disabled)
    • voting
    • watching
    • unassigned issues
    • subtasks
    • attachments
    • issue links
    • time tracking
    • time tracking provider

Jira Software Related Events

  • Board
    • created
    • deleted
    • updated
    • configuration changed

Sprint Events

  • Sprint
    • created
    • deleted
    • updated
    • started
    • closed

When you configure the Webhook, enter the URL for the HTTP source you created in Step 2 as the endpoint for the Webhook.


Sample Log Messages

For more information about log messages, see Sample Log for Jira Cloud.

Query Example

This section provides a sample query from the Unassigned Issues panel on the Jira Cloud - Issue Details dashboard.


  • Issue:*
  • Issue_Summary:*

Query String

_sourceCategory="jira_cloud/events" *issue*
| json field=_raw "webhookEvent", "issue_event_type_name", "changelog", "issue.fields.creator.displayName", "issue.self",  "issue.key", "timestamp", "", "", "", "", "", "",  "issue.fields.assignee.displayName", "issue.fields.summary", "", "issue.fields.components", "issue.fields.labels" as  event_name, event_type, change_log, issue_creator, jira_self, issue_key, timestamp, type, status, resolution, project_name, status_category, is_active, issue_assignee, issue_summary, priority, components, labels  nodrop
| where   project_name matches "*" AND issue_key matches "*" AND type matches "*" AND priority matches "*" AND status_category matches "*" AND status matches "*"
| isNull(issue_assignee) ? "Unassigned" : issue_assignee as issue_assignee
| parse regex field=labels "\"(?<label>[\S]+?)\"" multi nodrop
| parse regex field=components "\"name\":\"(?<component>[\S]+?)\"" multi nodrop
| where component matches "*" and  label matches "*"
| json field=change_log "items" as changes nodrop
| formatDate(fromMillis(timestamp), "MM-dd-yyyy HH:mm:ss", "UTC") as date_time
| parse regex field=jira_self "https:\/\/(?<base_url>.*?)\/" 
| concat("https://",base_url,"/browse/", issue_key) as issue_url
| tourl(issue_url, issue_key) as issue
| withtime issue_assignee 
| most_recent(issue_assignee_withtime) as user by issue, issue_summary
| where user="Unassigned"
| count as count by issue, issue_summary
| fields - count
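
To check what the query above should return before pointing a real Webhook at the HTTP source, the assignee logic can be replayed offline. The following is an added example, not Sumo Logic's or Atlassian's code: the event bodies are constructed, the example.atlassian.net host and the function names are assumptions, and the label and component filters are left out.

```python
import json
import re
from datetime import datetime, timezone

BASE_URL_RE = re.compile(r"https://(?P<base_url>.*?)/")  # same pattern as the query

def make_event(ts, key, summary, assignee):
    """Constructed webhook body holding only the fields the query reads."""
    fields = {"summary": summary,
              "assignee": {"displayName": assignee} if assignee else None}
    issue = {"self": f"https://example.atlassian.net/rest/api/2/issue/{key}",
             "key": key, "fields": fields}
    return json.dumps({"timestamp": ts, "webhookEvent": "jira:issue_updated",
                       "issue": issue})

SAMPLE_EVENTS = [  # constructed, not captured from a real Jira site
    make_event(1700000000000, "OPS-1", "Rotate API token", None),
    make_event(1700000060000, "OPS-1", "Rotate API token", "Sample User"),
    make_event(1700000000000, "OPS-2", "Patch CI runner", "Sample User"),
    make_event(1700000120000, "OPS-2", "Patch CI runner", None),
    json.dumps({"timestamp": 1700000130000, "webhookEvent": "user_created"}),
]

def unassigned_issues(raw_events):
    """Return issues whose most recent event carries no assignee."""
    latest = {}  # (issue_url, issue_key, summary) -> (timestamp, assignee)
    for raw in raw_events:
        event = json.loads(raw)
        issue = event.get("issue") or {}
        fields = issue.get("fields") or {}
        match = BASE_URL_RE.search(issue.get("self") or "")
        if not match or "key" not in issue:
            continue  # no issue.self to parse: the query drops the message too
        # isNull(issue_assignee) ? "Unassigned" : issue_assignee
        assignee = (fields.get("assignee") or {}).get("displayName") or "Unassigned"
        url = f"https://{match['base_url']}/browse/{issue['key']}"
        group = (url, issue["key"], fields.get("summary"))
        ts = int(event.get("timestamp", 0))
        # withtime + most_recent(...) by issue, issue_summary
        if group not in latest or ts >= latest[group][0]:
            latest[group] = (ts, assignee)
    rows = []
    for (url, key, summary), (ts, assignee) in latest.items():
        if assignee == "Unassigned":  # where user="Unassigned"
            seen = datetime.fromtimestamp(ts / 1000, tz=timezone.utc)
            rows.append({"issue": key, "issue_url": url, "issue_summary": summary,
                         "date_time": seen.strftime("%m-%d-%Y %H:%M:%S")})
    return rows
```

OPS-1 is excluded because its latest event has an assignee, even though an earlier event did not; the date_time value is kept here for reference although the query's final output shows only issue and issue_summary.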