Re: Ticket Creation in Jira from Splunk as an aler...

sarvesh_11 · ‎10-11-2021

Hello Splunkers,

https://splunkbase.splunk.com/app/5037/ i am using this add-on to create a ticket in Jira, as an alert action.

But after the set-up giving the JIRA URL and Credentials, it gives an error for this query:

index=_internal sourcetype=splunkd component=sendmodalert

PickleRick · ‎10-11-2021

Well, error 5 is "unexpected error" so hard to say what happened without detailed logs.

Did you do as the https://splunkbase.splunk.com/app/5037/#/details says in Troubleshooting section?

sarvesh_11 · ‎10-11-2021

yeah i did that. Doing Debug on sendmodalert, gave me 400 logs for 1alert. on checking that, everything looks fine, except these 4 events.

I just wanted to know about command "sendalert", where is this command?

As it shows in logs, "Error is sendalert command". I am unable to locate the python file for this command.

PickleRick · ‎10-11-2021

sendalert seems to be a custom splunk command probably using some helper script.

Easiest way to find where it's defined is

find /path/to/the/app -type f -name \*.conf | xargs grep sendalert

sarvesh_11 · ‎10-11-2021

M clueless, how to proceed.

Any other way, we can do splunk jira integration?

PickleRick · ‎10-11-2021

What I'd try:

Check logs on Jira's side to see whether there are more meaningful error messages there
If possible - disable encryption or put some MITM proxy in place and check the raw HTTP communication between Splunk and Jira.

Ticket Creation in Jira from Splunk as an alert-action?