On this page:

Related pages:

Related links:

You can configure Splunk to automatically open a ticket in JIRA Service Desk (JSD) when a saved search generates an alert.

Prerequisites

Procedure

To automatically create JSD tickets from Splunk alerts, add an action to the alert in Splunk.

From the Alerts page, click Open in Search beside the desired alert.
Alternatively, run a new search.
Ensure the following condition is included in the search: where isnull(self)
For example:
```
index=* "FATAL" | where isnull(self)
```
This condition excludes the new JSD ticket from subsequent searches, ensuring that Splunk opens only one ticket each time the alert is triggered.
Go to Save As > Alert.
At the bottom of the window, click Add Actions, and then select JIRA Service Desk Ticket.

Enter the connection details, and click Save.

Field	Description
Auth Token	Base64-encoded user name and password for the JSD user that the Splunk app will use to communicate with your JSD instance. Encode the credentials in the format: `<user_name>:<password>`. For example: `splunkadmin:splunkadmin`
Server ID	Identifier for the connection to this Splunk server in your JSD instance.
Server URL	URL of your JSD instance.
Project Key	Unique identifier for the JSD project where you want to create tickets from Splunk.

The next time the search generates an alert, it will automatically create a ticket in your JSD instance.