Configuring Splunk to Open JSD Server Tickets
Prerequisites
- Obtain administrator access to Splunk.
- Install and configure the Splunk app.
- Install and configure the JSD add-on.
Procedure
To automatically create JSD tickets from Splunk alerts, add an action to the alert in Splunk.
- From the Alerts page, click Open in Search beside the desired alert.
Alternatively, run a new search. Ensure the following condition is included in the search:
where isnull(self)
For example:index=* "FATAL" | where isnull(self)
This condition excludes the new JSD ticket from subsequent searches, ensuring that Splunk opens only one ticket each time the alert is triggered.
- Go to Save As > Alert.
- At the bottom of the window, click Add Actions, and then select JIRA Service Desk Ticket.
- Enter the connection details, and click Save.
Field Description Auth Token Base64-encoded user name and password for the JSD user that the Splunk app will use to communicate with your JSD instance. Encode the credentials in the format:
<user_name>:<password>
. For example:splunkadmin:splunkadmin
Server ID Identifier for the connection to this Splunk server in your JSD instance. Server URL URL of your JSD instance. Project Key Unique identifier for the JSD project where you want to create tickets from Splunk.
The next time the search generates an alert, it will automatically create a ticket in your JSD instance.