Some improvement. I Added your suggestion and dropped the proxy argument and the health check is now working. But tickets are failing to be created. The change I made in jira.py was from :

result = requests.post(proxies=proxy, url=jira_url, data=body,
headers=headers, auth=(username, password))

to

result = requests.post(url=jira_url, data=body, headers=headers,
auth=(username, password), verify=False)

Now looking into why tickets are failing to be created. It looks like the password has been lost in the reconfigurations. But still the "Setup" link for the Jira Alert action is missing - it comes and goes. So how can I correct the password?

We can manually build a curl that closely matches what jira.py should be using - and it responds as expected. But splunkd.log is showing:

10-14-2018 23:00:04.159 +0000 INFO
sendmodalert - action=jira STDERR -
Jira server HTTP status= 401
10-14-2018 23:00:04.159 +0000 INFO
sendmodalert - action=jira STDERR -
Jira server response: 10-14-2018
23:00:04.160 +0000 ERROR sendmodalert
- action=jira STDERR - 10-14-2018 23:00:04.160 +0000 ERROR
sendmodalert - action=jira STDERR -
10-14-2018 23:00:04.160 +0000
ERROR sendmodalert - action=jira
STDERR - 10-14-2018 23:00:04.160
+0000 ERROR sendmodalert - action=jira STDERR - 10-14-2018 23:00:04.160 +0000
ERROR sendmodalert - action=jira
STDERR -

10-14-2018 23:00:04.160 +0000 ERROR
sendmodalert - action=jira STDERR -
10-14-2018 23:00:04.160 +0000 ERROR
sendmodalert - action=jira STDERR -

I've added a few comments to the ticket/question - but perhaps you haven't see.

The addition of verify=False fixed the issue first posted - thanks for that. - I also needed to drop "proxies=proxy" from the request.post entry.

However, now any use of the Jira app is met with authentication error. I believe that when I add the credentials to the Setup page via the Splunk UI, that it is saving the URL and username, but not the password. I have touched a file in /tmp just prior to setting the credentials (on both the Index master and the search head cluster instances), then added the credentials, then searched for changed files. I found that ./etc/apps/splunk-add-on-jira-alerts/local/alert_actions.conf was getting all the values added except the password. It is possible that the password is getting added to the KVStore - but I'm not sure how to confirm this.

Any suggestions?

The error logged in splunkd.log is:

10-14-2018 23:00:04.159 +0000 INFO
sendmodalert - action=jira STDERR -
Jira server HTTP status= 401
10-14-2018 23:00:04.159 +0000 INFO
sendmodalert - action=jira STDERR -
Jira server response: 10-14-2018
23:00:04.160 +0000 ERROR sendmodalert
- action=jira STDERR - 10-14-2018 23:00:04.160 +0000 ERROR
sendmodalert - action=jira STDERR -
10-14-2018 23:00:04.160 +0000
ERROR sendmodalert - action=jira
STDERR - 10-14-2018 23:00:04.160
+0000 ERROR sendmodalert - action=jira STDERR - 10-14-2018 23:00:04.160 +0000
ERROR sendmodalert - action=jira
STDERR -

10-14-2018 23:00:04.160 +0000 ERROR
sendmodalert - action=jira STDERR -
10-14-2018 23:00:04.160 +0000 ERROR
sendmodalert - action=jira STDERR -