从Splunk警报创建唯一Jira工单
中级
这是一个SecOps领域的自动化工作流,包含 11 个节点。主要使用 If, Set, Jira, Webhook 等节点。 从Splunk警报创建唯一Jira工单
前置要求
- •HTTP Webhook 端点(n8n 会自动生成)
使用的节点 (11)
分类
工作流预览
可视化展示节点连接关系,支持缩放和平移
导出工作流
复制以下 JSON 配置到 n8n 导入,即可使用此工作流
{
"id": "uD31xU0VYjogxWoY",
"meta": {
"instanceId": "03e9d14e9196363fe7191ce21dc0bb17387a6e755dcc9acc4f5904752919dca8"
},
"name": "从Splunk警报创建唯一Jira工单",
"tags": [
{
"id": "GCHVocImoXoEVnzP",
"name": "🛠️ In progress",
"createdAt": "2023-10-31T02:17:21.618Z",
"updatedAt": "2023-10-31T02:17:21.618Z"
},
{
"id": "QPJKatvLSxxtrE8U",
"name": "Secops",
"createdAt": "2023-10-31T02:15:11.396Z",
"updatedAt": "2023-10-31T02:15:11.396Z"
}
],
"nodes": [
{
"id": "3f9fa220-1966-4478-b7db-c39056564c9d",
"name": "Webhook",
"type": "n8n-nodes-base.webhook",
"position": [
-640,
320
],
"webhookId": "f2a52578-2fef-40a6-a7ff-e03f6b751a02",
"parameters": {
"path": "f2a52578-2fef-40a6-a7ff-e03f6b751a02",
"options": {},
"httpMethod": "POST"
},
"typeVersion": 1
},
{
"id": "375ac47e-7975-45cb-b7c1-cef1c7fca701",
"name": "添加工单评论",
"type": "n8n-nodes-base.jira",
"position": [
240,
520
],
"parameters": {
"comment": "=Timestamp: {{ $('Set Host Name').item.json.body.timestamp }}\nDescription: {{ $('Set Host Name').item.json.body.description }}",
"options": {},
"issueKey": "={{ $json.key }}",
"resource": "issueComment"
},
"credentials": {
"jiraSoftwareCloudApi": {
"id": "OYvpDV2Q42eY6iyA",
"name": "Alex Jira Cloud"
}
},
"typeVersion": 1
},
{
"id": "a5dea875-6adf-4d18-aeb9-5fe31a0ebfae",
"name": "搜索工单",
"type": "n8n-nodes-base.jira",
"position": [
-200,
320
],
"parameters": {
"options": {
"jql": "=splunkhostname ~ \"{{ $json['splunk-host-name'] }}\" "
},
"operation": "getAll"
},
"credentials": {
"jiraSoftwareCloudApi": {
"id": "OYvpDV2Q42eY6iyA",
"name": "Alex Jira Cloud"
}
},
"typeVersion": 1,
"alwaysOutputData": true
},
{
"id": "3dac410e-1e37-463d-9aba-bc6abf3889f7",
"name": "设置主机名",
"type": "n8n-nodes-base.set",
"position": [
-420,
320
],
"parameters": {
"values": {
"string": [
{
"name": "splunk-host-name",
"value": "={{ $json.body.inputs.A.key['host.name'].replace(/[^a-zA-Z0-9 ]/g, '') }}"
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "465ec3b0-dd16-482e-b4b6-f8ed91fbb11b",
"name": "如果工单不存在",
"type": "n8n-nodes-base.if",
"position": [
20,
320
],
"parameters": {
"conditions": {
"string": [
{
"value1": "={{ $json.key }}",
"operation": "isEmpty"
}
]
}
},
"typeVersion": 1
},
{
"id": "1315b76b-39fc-4fd3-9a45-a91e5e873874",
"name": "便签",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1120,
-26.960531840248223
],
"parameters": {
"width": 643.8620281403546,
"height": 537.944771288002,
"content": ""
},
"typeVersion": 1
},
{
"id": "636425b9-a11f-4891-aa00-2f3c42956c01",
"name": "创建工单",
"type": "n8n-nodes-base.jira",
"position": [
240,
160
],
"parameters": {
"project": {
"__rl": true,
"mode": "list",
"value": "10001",
"cachedResultName": "Service Desk"
},
"summary": "=Splunk Alert for host {{ $('Set Host Name').item.json.body.inputs.A.key[\"host.name\"] }}: {{ $('Set Host Name').item.json.body.description }}",
"issueType": {
"__rl": true,
"mode": "list",
"value": "10004",
"cachedResultName": "[System] Incident"
},
"additionalFields": {
"description": "={{ $('Set Host Name').item.json.body.description }}\n\n{{ $('Set Host Name').item.json.body.messageBody }}",
"customFieldsUi": {
"customFieldsValues": [
{
"fieldId": {
"__rl": true,
"mode": "id",
"value": "customfield_10063"
},
"fieldValue": "={{ $('Webhook').item.json[\"body\"][\"inputs\"][\"A\"][\"key\"][\"host.name\"].replace(/[^a-zA-Z0-9 ]/g, '') }}"
}
]
}
}
},
"credentials": {
"jiraSoftwareCloudApi": {
"id": "OYvpDV2Q42eY6iyA",
"name": "Alex Jira Cloud"
}
},
"typeVersion": 1
},
{
"id": "47af8bdb-e0da-4923-8f0a-05deb86ac1b3",
"name": "便签1",
"type": "n8n-nodes-base.stickyNote",
"position": [
-460,
98.72468966845895
],
"parameters": {
"width": 401.99970102055784,
"height": 413.43480804607805,
"content": ""
},
"typeVersion": 1
},
{
"id": "c0bf09e6-ca08-4db6-aff0-a6528a8fb03b",
"name": "便签2",
"type": "n8n-nodes-base.stickyNote",
"position": [
180,
-21.934709587377256
],
"parameters": {
"width": 401.99970102055784,
"height": 348.38243930996134,
"content": ""
},
"typeVersion": 1
},
{
"id": "a175e343-83ed-4442-94df-7e7027b8c687",
"name": "便签3",
"type": "n8n-nodes-base.stickyNote",
"position": [
180,
340
],
"parameters": {
"width": 401.99970102055784,
"height": 341.08777742613927,
"content": ""
},
"typeVersion": 1
},
{
"id": "09143b8c-a4ce-4791-8937-3333d24b6e01",
"name": "便签4",
"type": "n8n-nodes-base.stickyNote",
"position": [
-40,
100.50445897107033
],
"parameters": {
"width": 193.6032856277124,
"height": 415.27445353029793,
"content": "## 检查是否找到工单"
},
"typeVersion": 1
}
],
"active": false,
"pinData": {
"Webhook": [
{
"json": {
"body": {
"tip": null,
"rule": "n8n-test",
"inputs": {
"A": {
"key": {
"os.type": "linux",
"host.name": "n8n-enterprise-demo",
"sf_metric": "cpu.utilization"
},
"value": "0.1670342357065173",
"fragment": "data('cpu.utilization').publish(label='A')"
},
"_S2": {
"value": "0.2",
"fragment": "threshold(0.2)"
}
},
"status": "ok",
"detector": "n8n-test",
"imageUrl": "https://static.eu0.signalfx.com/signed/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJjb20uc2lnbmFsZnguYXBwIiwiZXhwIjoxNjk0NjE0NjI2LCJpSWQiOiJGNVZBcTEwQUVBQSIsIm9JZCI6IkY1V0JKZ2lBSUFBIiwiYlQiOiJlbmQifQ.udzyF5-HqKyV_EMRmT51EtgECK9g-wanl8nx_MH0i9Q/async",
"severity": "Critical",
"eventType": "F5Vx1EuAAKc__F5V-TcTAEJ8__n8n-test",
"sf_schema": 2,
"timestamp": "2023-09-06T14:17:00Z",
"detectorId": "F5V-TcTAEJ8",
"incidentId": "F5VAq10AEAA",
"runbookUrl": null,
"description": "The value of cpu.utilization is above 0.2.",
"detectorUrl": "https://app.eu0.signalfx.com/#/detector/F5V-TcTAEJ8/edit?incidentId=F5VAq10AEAA&is=ok",
"messageBody": "Rule \"n8n-test\" in detector \"n8n-test\" cleared at Wed, 6 Sep 2023 14:17:00 GMT.\n\nCurrent signal value for n8n.test: 0.1670342357065173\n\nSignal details:\n{sf_metric=cpu.utilization, host.name=n8n-enterprise-demo, os.type=linux}",
"messageTitle": "Back to normal: n8n-test (n8n-test)",
"statusExtended": "ok",
"detectOnCondition": "when(A > threshold(0.2))",
"originatingMetric": "cpu.utilization",
"triggeredWhileMuted": false
},
"query": {},
"params": {},
"headers": {
"host": "internal.users.n8n.cloud",
"x-real-ip": "10.255.0.2",
"user-agent": "Apache-HttpClient/4.5.14 (Java/1.8.0_372)",
"content-type": "application/json; charset=utf-8",
"content-length": "1366",
"accept-encoding": "gzip,deflate",
"x-forwarded-for": "10.255.0.2",
"x-forwarded-host": "internal.users.n8n.cloud",
"x-forwarded-port": "443",
"x-forwarded-proto": "https",
"x-forwarded-server": "e591fa1c2d01"
}
}
}
]
},
"settings": {
"executionOrder": "v1"
},
"versionId": "3985cac2-7f23-4d27-b826-0edfb0544b58",
"connections": {
"Webhook": {
"main": [
[
{
"node": "Set Host Name",
"type": "main",
"index": 0
}
]
]
},
"Search Ticket": {
"main": [
[
{
"node": "IF Ticket Not Exists",
"type": "main",
"index": 0
}
]
]
},
"Set Host Name": {
"main": [
[
{
"node": "Search Ticket",
"type": "main",
"index": 0
}
]
]
},
"IF Ticket Not Exists": {
"main": [
[
{
"node": "Create Ticket",
"type": "main",
"index": 0
}
],
[
{
"node": "Add Ticket Comment",
"type": "main",
"index": 0
}
]
]
}
}
}常见问题
如何使用这个工作流?
复制上方的 JSON 配置代码,在您的 n8n 实例中创建新工作流并选择「从 JSON 导入」,粘贴配置后根据需要修改凭证设置即可。
这个工作流适合什么场景?
中级 - 安全运维
需要付费吗?
本工作流完全免费,您可以直接导入使用。但请注意,工作流中使用的第三方服务(如 OpenAI API)可能需要您自行付费。
相关工作流推荐
CSV到JSON转换器(错误处理与Slack通知)
具有错误处理和Slack通知功能的CSV到JSON转换器
If
Set
Code
+8
18 节点n8n Team
工程
支持Webhook的AI PDF分析器
支持Webhook的AI PDF分析器
If
Set
Code
+8
16 节点n8n Team
钓鱼分析_URLScan_io 和 VirusTotal_
钓鱼分析 - URLScan.io 和 VirusTotal
If
Code
Wait
+10
23 节点n8n Team
安全运维
每周Shodan查询 - 报告意外事件(无功能节点)
每周Shodan查询 - 报告意外事件
Set
Html
Filter
+7
15 节点n8n Team
安全运维
基于fal.ai的文本转AI图像生成器
基于fal.ai平台的文本转AI图像生成器
If
Wait
Webhook
+5
12 节点n8n Team
使用ChatGPT分析与分类可疑邮件内容
使用ChatGPT分析与分类可疑邮件内容
If
Set
Code
+7
25 节点Angel Menendez
人工智能
工作流信息
难度等级
中级
节点数量11
分类1
节点类型5
作者
n8n Team
@n8n-teamMeet the official n8n team. We specialize in building workflows that transform intricate tasks into seamless operations.
外部链接
在 n8n.io 查看 →
分享此工作流