Alerting

ZenDesk incident

fman82
Explorer

Anyone create an App/script to integrate with ZenDesk (such as open an incident via API) which they wish to share?

skender27
Contributor

Hi,

This is not the answer, but maybe this could help!

I tried this way: to get the list of all tickets from my Zendesk instance in .json format
curl -u username@example.com:password https://my_instance.zendesk.com/api/v2/tickets.json

or a particular ticket (in this case no. 13)
curl -u username@example.com:password https://my_instance.zendesk.com/api/v2/tickets/13.json

And the same way for users (clients):
curl -u username@example.com:password https://my_instance.zendesk.com/api/v2/users.json

For all other https methods I read carefully:
https://developer.zendesk.com/rest_api/docs/core/introduction

Bye,
Skender

0 Karma

sbrant_splunk
Splunk Employee

Here is a script I wrote to open a Zendesk ticket. By naming the saved search with the proper fields, the fields get parsed out and make for a more meaningful ticket title. It isn't pretty but should get you started. It's written in Python 2.x:

import pycurl
import StringIO
import sys
import re
from xml.sax.saxutils import escape

# ---- Splunk Output (input for this script)
scriptName = sys.argv[0]      # Script name
eventReturned = sys.argv[1]   # Number of events returned
searchTerms = sys.argv[2]     # Search terms
queryString = sys.argv[3]     # Fully qualified query string
searchName = sys.argv[4]      # Name of saved search
triggerReason = sys.argv[5]   # Trigger reason
searchURL = sys.argv[6]       # URL to the saved search
resultsFileRaw = sys.argv[8]  # File where the results for this search are stored (raw)

# ---- Parse Splunk search name to help populate zendesk ticket
# Expected name format: ["<company>" <priority digit> "<description>"]
zdFields = re.match(r'^Saved\sSearch\s\["(?P<company>.*?)"\s(?P<priority>\d)\s"(?P<description>.*?)"\]\snumber\sof\sevents.*?$', triggerReason)
if zdFields is None:
    # The saved search is not named in the expected format, so there is nothing to parse
    sys.exit("Could not parse trigger reason: " + triggerReason)
# Escape the parsed values so characters such as & and < cannot break the XML request
zdCompany = escape(zdFields.group('company'))
zdPriority = zdFields.group('priority')
zdDesc = escape(zdFields.group('description'))

# ---- Global Variables for CURL calls
# searchURL is escaped as well because query strings usually contain '&'
xmlRequest = '<ticket><subject>' + zdCompany + ': ' + zdDesc + '</subject><description>' + escape(searchURL) + '</description><priority-id>' + zdPriority + '</priority-id><ticket-type-id>2</ticket-type-id><requester_id>54</requester_id></ticket>'
ncServerMaxTime = 1
# URL to your zendesk page (HTTPS, so the basic-auth credentials are not sent in clear text)
zdURL = "https://sb.zendesk.com/tickets.xml"
USER = "<username>"
PASS = "<password>"


# ---- Main
c = pycurl.Curl()
c.setopt(pycurl.URL, zdURL)
c.setopt(pycurl.POST, 1)
c.setopt(pycurl.USERPWD, "%s:%s" % (USER,PASS))
c.setopt(pycurl.HTTPHEADER, ["Content-Type: application/xml"])
c.setopt(pycurl.TIMEOUT, ncServerMaxTime)
c.setopt(pycurl.CONNECTTIMEOUT, ncServerMaxTime)
c.setopt(pycurl.NOSIGNAL, 1)
c.setopt(pycurl.POSTFIELDS, xmlRequest)
b = StringIO.StringIO()  # collects the response body
c.setopt(pycurl.WRITEFUNCTION, b.write)
c.perform()
c.close()
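
An added example, not part of either post and not Splunk's or Zendesk's own code: the same alert-to-ticket flow in Python 3 against the `/api/v2/tickets.json` endpoint mentioned earlier in the thread, with the request built as JSON over HTTPS and authenticated with an API token rather than the account password. Assumptions: the digit-to-priority mapping, the `ZENDESK_API_TOKEN` variable name, the `mycompany` subdomain and the sample trigger reason are constructed for illustration.

```python
import base64
import json
import os
import re
import urllib.request

# Saved-search naming convention from the post: ["<company>" <digit> "<description>"]
TRIGGER_RE = re.compile(
    r'^Saved\sSearch\s\["(?P<company>.*?)"\s(?P<priority>\d)\s"(?P<description>.*?)"\]'
    r'\snumber\sof\sevents')
# Assumption: digit-to-name mapping (1=low ... 4=urgent); adjust to your own convention.
PRIORITIES = {"1": "low", "2": "normal", "3": "high", "4": "urgent"}
SAMPLE_REASON = 'Saved Search ["Acme" 3 "Disk full"] number of events(5)'  # constructed

def parse_trigger(trigger_reason):
    """Return (company, priority, description), or None if the name does not match."""
    m = TRIGGER_RE.match(trigger_reason)
    if m is None or m.group("priority") not in PRIORITIES:
        return None
    return m.group("company"), PRIORITIES[m.group("priority")], m.group("description")

def build_ticket_request(subdomain, email, api_token, trigger_reason, search_url):
    """Build (but do not send) a POST to /api/v2/tickets.json for one alert."""
    if not re.fullmatch(r"[a-z0-9][a-z0-9-]*", subdomain):
        raise ValueError("unexpected Zendesk subdomain")
    parsed = parse_trigger(trigger_reason)
    if parsed is None:
        raise ValueError("saved search name is not in the expected format")
    company, priority, description = parsed
    # json.dumps does the escaping, so quotes or markup in the search name stay data.
    body = json.dumps({"ticket": {
        "subject": "%s: %s" % (company, description),
        "comment": {"body": search_url},
        "priority": priority,
    }}).encode("utf-8")
    # API-token basic auth ("<email>/token:<api_token>") instead of the account password.
    cred = base64.b64encode(("%s/token:%s" % (email, api_token)).encode("utf-8"))
    return urllib.request.Request(
        "https://%s.zendesk.com/api/v2/tickets.json" % subdomain,
        data=body, method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": "Basic " + cred.decode("ascii")})

if __name__ == "__main__":
    # The token is read from the environment so it never sits in the script itself.
    token = os.environ.get("ZENDESK_API_TOKEN", "")
    req = build_ticket_request("mycompany", "username@example.com", token,
                               SAMPLE_REASON, "https://splunk.example.com/search?sid=1")
    print(req.full_url, req.data.decode("utf-8"))
```

Passing the returned object to `urllib.request.urlopen(req, timeout=10)` sends the ticket.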