Configuring Splunk to Open JSD Server Tickets



You can configure Splunk to automatically open a ticket in JIRA Service Desk (JSD) when a saved search generates an alert.

Prerequisites

Procedure

To automatically create JSD tickets from Splunk alerts, add an action to the alert in Splunk.

  1. From the Alerts page, click Open in Search beside the desired alert.
    Alternatively, run a new search.
  2. Ensure the following condition is included in the search: where isnull(self)
    For example:

    index=* "FATAL" | where isnull(self)

    This condition excludes the new JSD ticket from subsequent searches, ensuring that Splunk opens only one ticket each time the alert is triggered.

  3. Go to Save As > Alert.
  4. At the bottom of the window, click Add Actions, and then select JIRA Service Desk Ticket.
  5. Enter the connection details, and click Save.

    Field: Description
    Auth Token: Base64-encoded user name and password for the JSD user that the Splunk app will use to communicate with your JSD instance. Encode the credentials in the format: <user_name>:<password>. For example: splunkadmin:splunkadmin
    Server ID: Identifier for the connection to this Splunk server in your JSD instance.
    Server URL: URL of your JSD instance.
    Project Key: Unique identifier for the JSD project where you want to create tickets from Splunk.

    The next time the search generates an alert, it will automatically create a ticket in your JSD instance.
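One way to produce and sanity-check the Auth Token value from step 5, shown as an added example that is not part of the original page or of the Splunk app. The function names make_auth_token and check_auth_token are hypothetical, and the credentials are the page's sample pair.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Sample credentials are the page's.

# make_auth_token USER PASSWORD: print Base64 of "USER:PASSWORD".
make_auth_token() {
    user=$1
    pass=$2
    # Empty values, or a colon in the user name, make the
    # <user_name>:<password> format ambiguous.
    if [ -z "$user" ] || [ -z "$pass" ]; then
        echo "empty user name or password" >&2; return 1
    fi
    case $user in
        *:*) echo "user name must not contain ':'" >&2; return 1 ;;
    esac
    # printf '%s' writes no trailing newline (echo would, and the newline
    # would be encoded into the token). tr removes the line wrapping that
    # base64 applies to long output.
    printf '%s:%s' "$user" "$pass" | base64 | tr -d '\n'
}

# check_auth_token TOKEN: succeed only if TOKEN decodes to user:password with
# no stray newline. Prints the user name, never the password.
check_auth_token() {
    token=$1
    decoded=$(printf '%s' "$token" | base64 -d 2>/dev/null) || return 1
    case $decoded in
        *:*) ;;
        *) return 1 ;;
    esac
    # $(...) strips trailing newlines, so re-encoding the stripped value
    # no longer matches a token that had a newline encoded by mistake.
    reencoded=$(printf '%s' "$decoded" | base64 | tr -d '\n')
    [ "$reencoded" = "$token" ] || return 1
    printf '%s\n' "${decoded%%:*}"
}

# Constructed demo: build the token for the sample pair, verify it, print it.
token=$(make_auth_token splunkadmin splunkadmin) &&
    check_auth_token "$token" >/dev/null && printf '%s\n' "$token"
```

Base64 is an encoding, not encryption: anyone who can read the token can recover the password, so store and share it with the same care as the password itself.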

Next Steps

Analyze data and configure reports in Splunk.