Mastering Jira and Splunk: How I Solved a Real-Time L2 Support Ticket Like a Pro

If you've ever felt overwhelmed juggling tickets in Jira and analyzing logs in Splunk, you're not alone. In this guide, I walk you through a real-life scenario where I handled a daily customer report request using both tools—just like it happens in real production support environments.

🧩 It Was Just Another Morning… Until Jira Popped

It was one of those routine mornings—coffee in hand, dashboard blinking. Then came a new Jira ticket—a request for a daily Splunk customer report. At first glance? Simple. But as any L2 production support engineer knows, nothing’s ever really "simple."

This article is my personal walkthrough—real tools, real logs, real pressure. Whether you're an aspiring support engineer, prepping for an interview, or trying to upskill, this is your behind-the-scenes look into how things actually unfold.

🎯 The Use Case: A Daily Splunk Report via Jira

Ticket ID: L2S-XX
Project: L2 Support
Requestor: Pranab
Goal: Daily CSV report at 8:00 AM
Fields: first_name, country_name, phone_number, email, subscription_date, website_name
Recipients: [email protected], [email protected]

🔁 Step-by-Step Guide: From Chaos to Resolution

✅ 1. Ticket Creation and Initial Review

Once I logged into Jira, the new ticket caught my eye. The request was detailed, complete with a sample CSV.

Action:

  • Logged in to Jira → Projects → L2 Support
  • Opened ticket L2S-XX
  • Checked Priority, SLA, and Requirements

🔍 This step is often skipped or rushed, but trust me—it’s what saves you from confusion later.

🙋 2. Assigning and Acknowledging the Ticket

Before touching Splunk, I did what most forget to do—acknowledged the customer. Communication is everything.

Steps:

  • Clicked “Assign to me”
  • Left this comment in the ticket:

Hi @Pranab, 

Thanks for contacting ITSM Goal Support. We are looking into this for you and will get back as soon as possible. For updates, please reply to this message. 

Regards, 

ITSM Goal L2 Support

  • Status changed to: In Progress

💡 Pro Tip: Always acknowledge within SLA—usually 15-30 mins. It builds trust and keeps your queue clean.

📊 3. Analyzing Requirements and Building the Report in Splunk

Here comes the fun part: Splunk.

🔑 Goal Recap:

  • Create a report named customer_report
  • Export it daily as CSV
  • Send it to 2 email addresses

🔍 Accessing Splunk:

  • Navigated to the Search & Reporting app
  • Used the given source: customer_list.csv

🛠️ Building the Query:

index=main source=customer_list.csv sourcetype=csv
| table "first_name" "country" "phone_1" "email" "subscription_date" "website"
| rename "first_name" AS first_name, "country" AS country_name, "phone_1" AS phone_number, "website" AS website_name

Why Rename?
Because the field names in the source didn’t exactly match the names Pranab asked for. Splunk field names are case-sensitive, so the report has to use the requested names exactly.

📤 Validating Output:

  • Used Export > CSV
  • Matched the sample exactly:
    John, USA, 1234567890, [email protected], 2024-12-12, itsmgoal.com

✅ Report accuracy? ✔️
✅ Format match? ✔️
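
An added example, not part of the original walkthrough: a Python check of an exported CSV against the ticket's field list. It reports columns the rename clause missed, malformed dates, and cells a spreadsheet could evaluate as a formula. The function name, the sample rows and the example.com addresses are constructed for illustration.

```python
import csv
import io
import re

# Column order requested in the ticket (the "Fields" line of the use case).
REQUIRED = ["first_name", "country_name", "phone_number", "email",
            "subscription_date", "website_name"]
# Raw field names in customer_list.csv and the names the rename clause maps them to.
RENAMES = {"country": "country_name", "phone_1": "phone_number",
           "website": "website_name"}
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")
FORMULA_LEAD = ("=", "+", "-", "@")  # cells a spreadsheet may evaluate as formulas


def validate_export(csv_text):
    """Return a list of problems found in an exported report; empty means OK."""
    rows = list(csv.reader(io.StringIO(csv_text), skipinitialspace=True))
    if not rows:
        return ["export is empty"]
    header, problems = rows[0], []
    for raw, wanted in RENAMES.items():
        if raw in header:
            problems.append(f"column '{raw}' was not renamed to '{wanted}'")
    if header != REQUIRED and not problems:
        problems.append(f"header {header} does not match {REQUIRED}")
    for n, row in enumerate(rows[1:], start=2):
        if len(row) != len(header):
            problems.append(f"line {n}: expected {len(header)} cells, got {len(row)}")
            continue
        rec = dict(zip(header, row))
        date = rec.get("subscription_date")
        if date is not None and not DATE_RE.fullmatch(date):
            problems.append(f"line {n}: subscription_date '{date}' is not YYYY-MM-DD")
        for name, value in rec.items():
            if value.startswith(FORMULA_LEAD):
                problems.append(f"line {n}: {name} starts with '{value[0]}'")
    return problems


# Constructed sample exports (not real customer data).
GOOD = ("first_name,country_name,phone_number,email,subscription_date,website_name\n"
        "John, USA, 1234567890, john@example.com, 2024-12-12, itsmgoal.com\n")
BAD = ("first_name,country,phone_1,email,subscription_date,website\n"
       "=1+1,USA,1234567890,jane@example.com,12/12/2024,itsmgoal.com\n")

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("bad", BAD)):
        print(label, validate_export(text) or "OK")
```

Phone numbers stored in international form start with "+", so expect the formula check to fire on them and decide per field how to handle it.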

⏰ 4. Scheduling the Report in Splunk

Here’s where it gets real-world.

  • Saved search as “customer_report”
  • Set schedule to run daily at 8:00 AM
  • Under Actions, selected:
    ✔ Send email
    ✔ Attach CSV
    ✔ To: [email protected], [email protected]
    ✔ Subject: “Daily Customer Report - $time$”

Final Step: Test run the schedule to make sure it doesn’t fail silently.

🛠 Don’t forget to check if SMTP settings in Splunk are correctly configured or your email won’t go through.

✅ 5. Resolving the Ticket

Back to Jira, I updated the ticket.

Final Comment:

Hi @Pranab, 

The requested daily report has been created and scheduled to run at 8:00 AM daily. Please find a test sample attached. Feel free to reopen if you need further updates. 

Best regards, 

ITSM Goal L2 Support

  • Status: Resolved
  • Time logged: 45 mins (perfect for SLA)
  • Attached: Sample report (CSV)

🧠 What You Just Learned

✔ How to process Jira tickets end-to-end
✔ How to build and schedule reports in Splunk
✔ Real-world field mapping and renaming
✔ Best practices for support communication
✔ Tools that L2 teams actually use

🔥 Real Talk: Why This Matters

When you're in production support, speed and clarity are your lifelines. Jira keeps the process clean. Splunk gives you the truth hidden in logs.

But the real skill? Connecting dots under pressure.

This walkthrough isn't just about tools. It's about taking ownership, communicating like a pro, and solving the right problem fast.

Whether you're:

  • Preparing for a support interview
  • Already working in L2/L3 roles
  • Or trying to automate your daily grind

This is the real stuff companies value.

❓ FAQ: Your Questions, Answered

🔹 What is Jira used for in production support?

Jira is used to track, assign, and resolve tickets. It helps manage incidents, service requests, and even change management. In L2, it’s your command center.

🔹 What is Splunk used for?

Splunk allows engineers to search, monitor, and analyze log data. In L2, it’s mostly used for:

  • Debugging errors
  • Creating real-time dashboards
  • Generating automated reports

🔹 How do I create a scheduled report in Splunk?

  • Save a search
  • Click "Schedule"
  • Set frequency, time, and alert actions (like email)
  • Test it!

🔹 What if my Splunk email reports don’t go through?

Check:

  • SMTP server settings
  • Authentication credentials
  • Email size or attachment limits
  • Splunk logs (/opt/splunk/var/log)

🔹 What are common Jira statuses in L2 support?

  • Unassigned
  • In Progress
  • Waiting for User
  • Resolved
  • Closed

Set them properly for SLA tracking.

🔹 What are some Splunk alternatives?

If you're exploring, try:

  • ELK Stack (Elasticsearch + Logstash + Kibana)
  • Graylog
  • Datadog

But Splunk dominates in enterprise production environments.

🔹 Is this use case common in production support?

Absolutely! These types of report automation requests come daily in IT ops teams across banking, insurance, e-commerce, telecom, and cloud infra setups.

🎯 Final Thoughts: Own Your Role

In support, your power lies in the details. Knowing how to respond, what to do, and how to do it quickly and reliably is what separates average from awesome.

And trust me, Pranab will remember your name the next time he needs help.

💡 Inspired by real-world ITSM scenarios. Brought to you by ITSM Goal—your partner in practical learning for production support.

