All Apps and Add-ons

Why is Add-on for Atlassian JIRA Service Desk alert action not talking to JIRA?

mlasky1970
Loves-to-Learn Lots

I've got the Add-on for Atlassian JIRA Service Desk alert action plugin installed (https://splunkbase.splunk.com/app/4958/) on my search head cluster so I can create tickets from searches and alerts however I am having trouble getting the TA to talk to JIRA.

I've created an internal JIRA user on our JIRA deployment, validated the credentials work by logging into JIRA with them, so I know my credentials are okay.

The configuration section in the TA accepts the credentials. However, when I go to the app and ask it to show me projects or, for that matter, anything, it returns 0 projects and 0 results. All the canned reports return a Python error in the UI.

Following a different thread I checked the troubleshooting steps at https://ta-jira-service-desk-simple-addon.readthedocs.io/en/latest/troubleshoot.html where it specifically talks about Python errors and how that tends to me there is a connectivity issue or credential issue.

I ran the curl commands from the search head I was connected to and it can successfully connect to JIRA and pull data back! 

[root@splunk-head-2 ~]# curl -k https://jira.mystuff.com/rest/api/latest/project --user prodsec-splunk
Enter host password for user 'prodsec-splunk':
[{"expand":"description,lead,url,projectKeys","self":"https://jira.mystuff.com/rest/api/2/project/15334","id":"15334","key":"VFR","name":" Vermin Feature Request","avatarUrls":{"48x48":"https://jira.mystuff.com/secure/projectavatar?avatarId=15163","24x24":"https://jira.mystuff.com/secure/projectavatar?size=small&avatarId=15163","16x16":"https://jira.mystuff.com/secure/project

So I have good credentials and end to end connectivity. I am not sure how to troubleshoot further...

Labels (1)
0 Karma

mlasky1970
Loves-to-Learn Lots

Uhm, okay. Yeah. Replying to myself.

There appears to be some ambiguity around the JIRA account configuration inside the TA. Specifically here:

mlasky1970_0-1650658184018.png

I had what I thought was a logical name in there. In fact, I had tried multiple logical names. However, the names I tried included special characters (a hyphen) and capitalization, both all caps and camel case. I also named it, during one attempt, the same as the JIRA username.

None of these worked.

I then deleted the accounts in the TA and started again. This time I created an account with a single lowercase word that had nothing at all to do with anything.

This time the TA populated the list of projects. When I attempt to save a search and select the TA as an action it works and allows me to choose the Project I want. Way more close to functioning than previously. Hopefully the weirdness with the account name I describe above will help someone else with the same issue.

Thanks to those that attempted to help me, much appreciated.

0 Karma

PickleRick
SplunkTrust
SplunkTrust

Check your python errors (they're quite important since they tell you what was wrong 😉 ) but I expect it to be something SSL-related. Especially that for testing you use curl with "-k".

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust

@mlasky1970 - Could you please take a look at the internal Splunk logs to see if you see anything related to "jira"?

index=_internal "jira" CASE(ERROR)

 

This should be able to lead you to the right root case of the issue.

 

----
I hope this helps!!! 

0 Karma

mlasky1970
Loves-to-Learn Lots

mlasky1970_0-1650652285350.png

Lots of the decoder.py errors.

I re-ran the curl without the -k, that was just habit 🙂 I got the same response as before, it returns data.

I wouldn't put it past me to have deployed this wrong. From the documentation it looked like it just needed to be installed on the SHC, which is where I installed it.

Thoughts?

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust

@mlasky1970 - Can you check the source of these logs?

- Are you using the latest version of the App from Splunkbase?

0 Karma

mlasky1970
Loves-to-Learn Lots

mlasky1970_0-1650653348753.png

They are coming from search_messages.log. And yes, I downloaded it from Splunkbase last week. I can use the search head deployer to remove it and reinstall it if we think that might be useful. Not like it's working now so there is nothing to lose. I didn't misinterpret the documentation did I? It only needs to be on the SHC?

 

0 Karma

PickleRick
SplunkTrust
SplunkTrust

From the docs I see that the app has some debug mode. Try enabling it and see what happens 🙂 It should log a lot more about its internals during processing.

0 Karma

PickleRick
SplunkTrust
SplunkTrust

Seems I missed with the SSL (but it's very often the case if "works with cli, doesn't work in python").

See the single erroneous pass and see what the errors are. Just because an error is the most often appearing doesn't mean it indicates the root cause of the problem.

0 Karma
Get Updates on the Splunk Community!

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...

Splunkbase | Splunk Dashboard Examples App for SimpleXML End of Life

The Splunk Dashboard Examples App for SimpleXML will reach end of support on Dec 19, 2024, after which no new ...

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...