
Why is there issue with Jira Service Desk simple AddOn and Rest endpoint?

Schroeder
Explorer

Hi Community!

We recently installed the Jira Service Desk simple AddOn version 2013, added an account and we can connect to our Jira ServiceDesk. We see the projects and all the other cool stuff but we do not manage to get a Support Request created.

The error message is:

2022-12-13 15:13:04,404 ERROR pid=30082 tid=MainThread file=cim_actions.py:message:292 | sendmodaction - signature="JIRA Service Desk ticket creation has failed!. url=https://a.b.c.com/rest/api/latest/issue, data={'fields': {'project': {'key': 'SPLUN'}, 'summary': 'Splunk Alert: Splunk test', 'description': 'The alert condition for whatsoever was triggered.', 'issuetype': {'name': 'Service Request'}, 'priority': {'name': 'Lowest'}}}, HTTP Error=400, content={"errorMessages":[],"errors":{"summary":"Field 'summary' cannot be set. It is not on the appropriate screen, or unknown.","description":"Field 'description' cannot be set. It is not on the appropriate screen, or unknown.","priority":"Field 'priority' cannot be set. It is not on the appropriate screen, or unknown."}}" action_name="jira_service_desk" search_name="Jira Test" sid="scheduler_cGV0ZXIuenVtYnJpbmtAaW5na2EuaWtlYS5jb20__search__RMD5c624f9724a09e6de_at_1670944380_2203_4B6BB912-8E18-4D05-9295-5A80D62CEEC7" rid="0" app="search" user="a.b.c.d" action_mode="saved" action_status="failure"


I assume the AddOn is reaching out to the wrong rest endpoint. When using curl we are advised to connect to:

https://a.b.c.com/rest/servicedeskapi/request

Can this be configured? Or do I just misunderstand the whole thing? If so, guidance would be appreciated.
I'm kind of lost 😉

@guilmxm 

Peter

0 Karma

Schroeder
Explorer

I could not hold my horses and started to work on a design to make this work with Splunk ITSI as well. One thing is that the parameters need to be flexible by the result returned by the Episode. So no dropdown lists.

I also want this to work bidirectionally, to have Jira issue updates reflected in the Episode like it is with the ServiceNow integration. This is partly working by loading the issue/request updates into a jira_pub index and having a bidirectional ticketing correlation search updating Episodes. Note that the sourcetype needs to be tweaked to snow:incident to not confuse the backfill search in ITSI.

Besides this, an issue/request is created by id via the Jira servicedesk api only, so I created another alert action based on your alert action. I named it modalert_jira_service_request_helper.py and added an alert action stanza to alerts.conf.

Instead of performing three rest calls, one for the project id, one to get the issue type id and then finally creating the request I instead load all projects into a pub index named jira_pub. This one is then updated once an hour, this reduces the number of rest calls towards Jira.

Getting the projectKey from that index I do it like this (might be nicer ways in doing it):

        # common_pub is used for testing, in production projects are loaded into jira_pub
        spl = {}
        spl['search'] = "search index=common_pub projectKey=" + jira_project + " earliest=-120m | head 1 | fields id"
        spl['output_mode'] = "json"
        spl['exec_mode'] = "oneshot"

        record_url = 'https://localhost:' + str(splunkd_port) \
                     + '/services/search/jobs/export/'
        headers = {
            'Authorization': 'Splunk %s' % session_key,
            'Content-Type': 'application/json'}

        # verify=False skips TLS certificate checks for the local splunkd call
        response = requests.post(record_url, headers=headers, verify=False, data=spl)
        helper.log_debug("search response status_code:={}".format(response.status_code))
        jira_search_response = response.text
        jira_search_response_json = json.loads(jira_search_response)
        helper.log_debug("search response:={}".format(jira_search_response_json))

        # A search without a match returns no 'result' key, so look it up
        # defensively instead of indexing (which would raise KeyError)
        jira_project_id = jira_search_response_json.get('result', {}).get('id')
        if jira_project_id is None:
            helper.log_info("No project id found in index jira_pub for project name={}".format(jira_project))
            return 0
        helper.log_debug("Found id:={}".format(jira_project_id))

        # servicedesk id for request payload
        data['serviceDeskId'] = jira_project_id

        # add project as servicedesk id to url
        jira_issues_url = jira_url + '/servicedesk/' + jira_project_id + '/requesttype'

 

What's missing is to add the itsi_group_id as correlation_id to the issue/request. Maybe this goes into a custom field in Jira.

Another thing is to update itsi_notable_event_ticketing to get the Jira issue/request tied to the Episode and displayed under impact.

I did not attach the whole python script yet, not sure where to send it.

0 Karma

Schroeder
Explorer

By using the jirarest command we are able to create service requests in Jira. Not nice but it works. In the end we would love seeing this working with Splunk ITSI alert action. For now it will end up in a correlation search.
According to the documentation the map command is not supported after an appendpipe but again it works.

|makeresults
|eval description="This is the issues description set by the itsi description field"
|eval summary="[TEST]This is the issues summary"
|eval request_type="Request"
|eval servicedesk_id="123"
|eval target="/rest/servicedeskapi/servicedesk/".servicedesk_id."/requesttype"
|appendpipe[
|map search="
   | jirarest account="JiraTEST" target="$target$"
   | spath output=id path=values{}.id
   | spath output=name path=values{}.name
   | eval _time=now()
   | table id name
  "
]
|stats list(id) as id list(name) as name first(request_type) as request_type first(servicedesk_id) as servicedesk_id first(description) as description first(summary) as summary
|eval pos=mvfind(name,request_type)
|where NOT isnull(pos)
|eval type=mvindex(id,pos)
|eval payload="{\"serviceDeskId\": \"".servicedesk_id."\",\"requestTypeId\": \"".type."\",\"requestFieldValues\": {\"summary\": \"".summary."\",\"description\": \"".description."\"}}"

|map search="jirarest account="JiraTEST" target="/rest/servicedeskapi/request" method="POST" json_request="$payload$""
0 Karma
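The request-type lookup and payload construction from the search above, as an added Python example (not part of the original post or of the add-on's code): it matches the request type by exact name and serialises with json.dumps, so alert text containing quotes or newlines cannot break or alter the JSON. The sample listing, its ids and the function names are constructed for illustration.

```python
import json

# Constructed sample of a /rest/servicedeskapi/servicedesk/<id>/requesttype
# response, reduced to the fields the search reads (values[].id, values[].name).
SAMPLE_REQUEST_TYPES = {
    "values": [
        {"id": "11", "name": "Service Request"},
        {"id": "12", "name": "Request"},
    ]
}

# The body the add-on sent to /rest/api/latest/issue, taken from the error log.
FAILED_ISSUE_BODY = {
    "fields": {
        "project": {"key": "SPLUN"},
        "summary": "Splunk Alert: Splunk test",
        "description": "The alert condition for whatsoever was triggered.",
        "issuetype": {"name": "Service Request"},
        "priority": {"name": "Lowest"},
    }
}


def resolve_request_type_id(listing, name):
    """Return the id of the request type whose name equals `name` exactly."""
    matches = [v["id"] for v in listing.get("values", []) if v.get("name") == name]
    if len(matches) != 1:
        raise LookupError(
            "expected one request type named %r, found %d" % (name, len(matches)))
    return matches[0]


def build_service_request(issue_body, service_desk_id, request_type_id):
    """Map a core-API issue body onto the Service Desk request body (JSON text)."""
    fields = issue_body["fields"]
    payload = {
        "serviceDeskId": str(service_desk_id),
        "requestTypeId": str(request_type_id),
        # Only the two fields used in the thread's working requests are carried
        # over; project, issuetype and priority have no counterpart here.
        "requestFieldValues": {
            "summary": fields["summary"],
            "description": fields["description"],
        },
    }
    # json.dumps escapes quotes, backslashes and newlines found in alert text
    return json.dumps(payload)
```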

guilmxm
Influencer

Hi @Schroeder

Thanks for sharing - gotcha, I had done experiences earlier and I have an Atlassian env which I understand provides me with the same product (ITSM)
However I couldn't get the regular alert action to fail so I need to review it

Likely I would need to add another alert action due to the changes in the structure but I need to review this - it's on my list 😉

0 Karma

Schroeder
Explorer

Hi @guilmxm 

Just let me know on how I can support you. I can apply changes from our git repo to get it deployed, in case you want me to test.

//Peter

0 Karma

Schroeder
Explorer

This is a curl request which does work for the mentioned URL:

curl --request POST 'https://a.b.c.com/rest/servicedeskapi/request' \
--header 'Authorization: Basic xXxXxXxXXXXXxxxxXXXxxxxxxxXXXXXXXXXxxxxxxxxxxxxx' \
--header 'Content-Type: application/json' \
--data-raw '{
    "serviceDeskId": "279",
    "requestTypeId": "3504",
    "requestFieldValues": {
        "summary": "TestRequest JSD help via REST",
        "description": "This is a test request"
    }
}'
0 Karma

guilmxm
Influencer

Hi @Schroeder 

Hum, right sounds about weird, there are different JIRA products and somehow things are a bit confusing.

The answer from the API when saying "not on the screen" usually indicates that the field needs to be set on the screen in JIRA (for that project), but those mentioned are usually mandatory fields so that is confusing.

It seems to be specific to either the JIRA product you're having or the type of the project, I see a reference to:

https://developer.atlassian.com/cloud/jira/service-desk/rest/

Currently, the API url is hard coded in the Python backend, so it would need some modifications to be something configurable (but not undoable)

I need to better understand what we are dealing with, if you come to an issue creation that works for your product then let me know how this looks like?

Trying to investigate what this REST API means

guilmxm
Influencer

If I am understanding it well it's called "JIRA Service Management" 
Will give it a try
