Splunk
How to send a Splunk alert to create an issue in Jira
Create a new Alert in Splunk and choose Webhook as the trigger.
https://docs.splunk.com/Documentation/Splunk/8.2.0/Alert/Webhooks
In the webhook, add https://<<jira_username>>:base64encoded_password@<<jira_base_url>>/rest/restfulintegrator/1.0/incoming/splunk
Note: you can use the Base64 Encoder shipped with iHub to encode the password. This is needed because Jira requires a login to send data to the iHub incoming service.
Splunk will fire off a payload like this:
{
  "result": {
    "sourcetype": "mongod",
    "count": "8"
  },
  "sid": "scheduler_admin_search_W2_at_14232356_132",
  "results_link": "http://web.example.local:8000/app/search/@go?sid=scheduler_admin_search_W2_at_14232356_132",
  "search_name": null,
  "owner": "admin",
  "app": "search"
}
Go to iHub Integrations
Click Create
Enter name Splunk: Create Issue
Select Jira Core as template category
Select Create Issue as a template
Click Create
On the Configure page, select a basic auth credential; this is the user that will create the ticket in Jira. See Credentials for more info.
Modify the body to match your configuration of Jira. Map the alert data as you want it to appear on the ticket.
{
  "fields": {
    "project": { "key": "ABC" },
    "summary": "Splunk Alert: {{sid}}",
    "issuetype": { "name": "Task" },
    "description": "Splunk alert sid {{sid}} with {{owner}} has triggered an alert!",
    "reporter": { "name": "kg" },
    "labels": [ "splunk" ],
    "customfield_10201": "{{results_link}}"
  }
}
Receiving Splunk alert
Click Save
Go to Incoming Webhooks and click New Rule
Enter a name, like Splunk Alert
Click Add Condition
Select URL condition
Operand should be ~ (a tilde, means wildcard)
In Compare with, enter splunk and press Add.
This makes iHub route an incoming call to this rule when its URL contains splunk, like the one we crafted at the beginning: https://<<jira_username>>:base64encoded_password@<<jira_base_url>>/rest/restfulintegrator/1.0/incoming/splunk
Select the Splunk: Create Issue action that we created above
Hit the Save button
Now you can test the whole flow by triggering an alert or by sending in a request using Postman or another testing tool.
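A local preview of the body mapping from the "Modify the body" step, as an added example that is not iHub's own code: it fills the {{...}} placeholders of the template with the sample Splunk payload and confirms the result is still valid JSON before you trigger a real alert. The render and preview helpers, and the choice to JSON-escape each value, are assumptions made for this sketch; iHub's template engine may treat values differently.

```python
import json
import re

# Alert payload as shown on this page (what Splunk posts to the webhook URL).
SPLUNK_PAYLOAD = json.loads("""
{ "result": { "sourcetype": "mongod", "count": "8" },
  "sid": "scheduler_admin_search_W2_at_14232356_132",
  "results_link": "http://web.example.local:8000/app/search/@go?sid=scheduler_admin_search_W2_at_14232356_132",
  "search_name": null, "owner": "admin", "app": "search" }
""")

# Issue body template as shown on this page.
JIRA_TEMPLATE = """
{ "fields": { "project": { "key": "ABC" },
  "summary": "Splunk Alert: {{sid}}",
  "issuetype": { "name": "Task" },
  "description": "Splunk alert sid {{sid}} with {{owner}} has triggered an alert!",
  "reporter": { "name": "kg" }, "labels": [ "splunk" ],
  "customfield_10201": "{{results_link}}" } }
"""

PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def render(template, payload):
    """Fill {{key}} placeholders from top-level payload keys and parse the result.

    Assumption: placeholders sit inside JSON string literals, as in the template
    above. Unknown keys raise KeyError so a typo is caught before going live.
    """
    def fill(match):
        value = payload[match.group(1)]
        text = "" if value is None else str(value)
        # json.dumps escapes quotes, backslashes and control characters; drop
        # its surrounding quotes because the template already supplies them.
        return json.dumps(text)[1:-1]

    return json.loads(PLACEHOLDER.sub(fill, template))


def preview():
    """Issue body Jira would receive for the sample alert."""
    return render(JIRA_TEMPLATE, SPLUNK_PAYLOAD)


if __name__ == "__main__":
    print(json.dumps(preview(), indent=2))
```

Alert fields such as owner or search names come from Splunk data, so a value containing a double quote is the case worth checking: with escaping it stays inside the description string instead of changing the structure of the issue body.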