Yelp / elastalert

Easy & Flexible Alerting With ElasticSearch
https://elastalert.readthedocs.org
Apache License 2.0

Jira customfield not taking argument #3073

Open rishi360 opened 3 years ago

rishi360 commented 3 years ago

Hi Elastalert Team,

I am trying to set up elastalert to send a notification when an alert is generated.

Elastalert is able to create a jira ticket when I am using this in the rule field.

```yaml
name: Sites Down
description: Site pings returned down more than once in 2 minutes.
type: frequency
index: heartbeat-*
num_events: 1
timeframe:
  minutes: 1
filter:

realert:
  minutes: 30

alert:

jira_server: "https://abc.atlassian.net/"
jira_project: "RS"
jira_issuetype: "Incident"
jira_account_file: "/xxxxx/xxxx"
jira_priority: 0

alert_subject: "Site Goes Down"
alert_subject_args:

email_format: html
alert_text_type: alert_text_only
alert_text: |
  Hi Team,

  Site Goes down, Please check details in given below table.

  Time in UTC Host.IP Monitor.Id Url.Port Monitor.Name Monitor.Type
  {} {} {} {} {} {}

  Regards,

  Rishabh Gupta

alert_text_args:
```

But when I try to give the Organization field an argument value, the jira ticket cannot be created.

Here is the code when I try to add jira_customfield:

```yaml
name: Sites Down
description: Site pings returned down more than once in 2 minutes.
type: frequency
index: heartbeat-*
num_events: 1
timeframe:
  minutes: 1
filter:

realert:
  minutes: 30

alert:

jira_server: "https://abc.atlassian.net/"
jira_project: "RS"
jira_issuetype: "Incident"
jira_account_file: "/xxxxx/xxxx"
jira_priority: 0
jira_Organizations: "Test"

alert_subject: "Site Goes Down"
alert_subject_args:

email_format: html

alert_text_type: alert_text_only
alert_text: |
  Hi Team,

  Site Goes down, Please check details in given below table.

  Time in UTC Host.IP Monitor.Id Url.Port Monitor.Name Monitor.Type
  {} {} {} {} {} {}

  Regards,

  Rishabh Gupta

alert_text_args:
```

When I use this, the jira ticket is not created and I get an error:

```
ERROR:root:Error while running alert jira: Error creating JIRA ticket using jira_args ({'project': {'key': 'RS'}, 'issuetype': {'name': 'Incident'}, 'priority': {'id': '1'}, 'customfield_10800': [{'name': 'Test'}], 'summary': 'Site Goes Down on GCH(core-product)-AWS Critical to Watch and fix', 'description': '\n\n\n
Hi Team,
\n
Site Goes down, Please check details in given below table.
\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n
Time in UTCHost.IPMonitor.IdUrl.PortMonitor.NameMonitor.Type
2020-12-23T03:43:50Z x.x.x.x qa-http-monitor-tomcat xxxx Qa Monitor Tomcat http
\n
\n
Regards,
\n
Rishabh Gupta
\n\n\n\n'}): JiraError HTTP 400 url: https://abc.atlassian.net/rest/api/2/issue text: Operation value must be a number at array index 0
```

    response headers = {'Server': 'AtlassianProxy/1.15.8.1', 'cache-control': 'no-cache, no-store, no-transform', 'Content-Type': 'application/json;charset=UTF-8', 'Strict-Transport-Security': 'max-age=315360000; includeSubDomains; preload', 'Date': 'Wed, 23 Dec 2020 04:19:06 GMT', 'ATL-TraceId': 'sdDDd', 'x-arequestid': 'asddsadD', 'x-aaccountid': 'asdkjndowe', 'X-XSS-Protection': '1; mode=block', 'Transfer-Encoding': 'chunked', 'timing-allow-origin': '*', 'x-envoy-upstream-service-time': '170', 'X-Content-Type-Options': 'nosniff', 'Connection': 'close', 'Expect-CT': 'report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", enforce, max-age=86400'}
    response text = {"errorMessages":[],"errors":{"customfield_10800":"Operation value must be a number at array index 0"}}

The main problem is that whenever I want to give the organization name in the alert rule, the alert is not able to create the jira ticket.

I have tried so many ways, like

```
jira_Organizations: "Test"
or
jira_customfield_10800: "Test"
or
jira_customfield_10800: 8 # 8 is organization ID
or
jira_customfield_10800:
or
jira_Organizations:
```

I have tried all of the above combinations, but none of them work.

I get the same error:

response text = {"errorMessages":[],"errors":{"customfield_10800":"Operation value must be a number at array index 0"}}

```
ERROR:root:Error while running alert jira: Error creating JIRA ticket using jira_args ({'project': {'key': 'RS'}, 'issuetype': {'name': 'Incident'}, 'priority': {'id': '1'}, 'customfield_10800': [{'name': 8}], 'summary': 'Site Goes Down', 'description': '\n\n\n
Hi Team,
\n
Site Goes down, Please check details in given below table.
\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n
Time in UTCHost.IPMonitor.IdUrl.PortMonitor.NameMonitor.Type
2020-12-23T04:15:20.001Z ip.x.x.x qa-http-monitor-tomcat 8080 Qa Monitor Tomcat http
\n
\n
Regards,
\n
Rishabh Gupta
\n\n\n\n'}): JiraError HTTP 400 url: https://abc.atlassian.net/rest/api/2/issue text: Operation value must be a number at array index 0
```

    response headers = {'Server': 'AtlassianProxy/1.15.8.1', 'cache-control': 'no-cache, no-store, no-transform', 'Content-Type': 'application/json;charset=UTF-8', 'Strict-Transport-Security': 'max-age=315360000; includeSubDomains; preload', 'Date': 'Wed, 23 Dec 2020 04:16:32 GMT', 'ATL-TraceId': 'sassdd', 'x-arequestid': 'skdlksdnlsd', 'x-aaccountid': 'dnasdjksad', 'X-XSS-Protection': '1; mode=block', 'Transfer-Encoding': 'chunked', 'timing-allow-origin': '*', 'x-envoy-upstream-service-time': '123', 'X-Content-Type-Options': 'nosniff', 'Connection': 'close', 'Expect-CT': 'report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", enforce, max-age=86400'}
    response text = {"errorMessages":[],"errors":{"customfield_10800":"Operation value must be a number at array index 0"}}

rishi360 commented 3 years ago

@nsano-rururu Can you please share your suggestion or any help on this?

rishi360 commented 3 years ago

> It seems that the added settings are not described in the document, but is there somewhere that it is supported? Or am I overlooking it? https://elastalert.readthedocs.io/en/latest/ruletypes.html#jira

According to the document, I have added the setting like `jira_Organizations: "Test"`

But it did not work.

Then I also tried many other ways.

For example, I put these in the settings:

```
jira_customfield_10800: "Test"
or
jira_customfield_10800: 8 # 8 is organization ID
or
jira_customfield_10800:
"Test"
or
jira_Organizations:
"Test"
```

But none of them worked, and I get the same error message, i.e.

response headers = {'Server': 'AtlassianProxy/1.15.8.1', 'cache-control': 'no-cache, no-store, no-transform', 'Content-Type': 'application/json;charset=UTF-8', 'Strict-Transport-Security': 'max-age=315360000; includeSubDomains; preload', 'Date': 'Wed, 23 Dec 2020 04:16:32 GMT', 'ATL-TraceId': 'sassdd', 'x-arequestid': 'skdlksdnlsd', 'x-aaccountid': 'dnasdjksad', 'X-XSS-Protection': '1; mode=block', 'Transfer-Encoding': 'chunked', 'timing-allow-origin': '*', 'x-envoy-upstream-service-time': '123', 'X-Content-Type-Options': 'nosniff', 'Connection': 'close', 'Expect-CT': 'report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", enforce, max-age=86400'}

Exact error message: response text = {"errorMessages":[],"errors":{"customfield_10800":"Operation value must be a number at array index 0"}}

@nsano-rururu Please let me know what the correct setting is and how to overcome this error message, so that elastalert is able to create the jira ticket including the given "Organization".

rishi360 commented 3 years ago

> Since it is written as a snake case, it is lowercase in English

Yes, I have also tried it this way:

`jira_organizations: "Test"` but it did not work.

@nsano-rururu Any thoughts, any solution? I guess this is a bug, because according to the document https://elastalert.readthedocs.io/en/latest/ruletypes.html#jira I have done everything, but it did not work. This could be a bug in the python code. I guess so...

rishi360 commented 3 years ago

> You should be using the following library https://pypi.org/project/jira/#data

This library is already installed.

I guess there is a bug in the code.

> alerts.py search with jira. I think it is necessary to have the cause investigated by checking the value of the variable in the print statement. https://github.com/Yelp/elastalert/tree/master/elastalert

I have checked; there is no variable there which will print this error or exception: response text = {"errorMessages":[],"errors":{"customfield_10800":"Operation value must be a number at array index 0"}}

or anything matching the above error.

I guess the bug would be around the code of this function:

```python
def get_arbitrary_fields(self):
    # Clear jira_args
    self.reset_jira_args()

    for jira_field, value in self.rule.items():
        # If we find a field that is not covered by the set that we are aware of, it means it is either:
        # 1. A built-in supported field in JIRA that we don't have on our radar
        # 2. A custom field that a JIRA admin has configured
        if jira_field.startswith('jira_') and jira_field not in self.known_field_list and str(value)[:1] != '#':
            self.set_jira_arg(jira_field, value, self.jira_fields)
        if jira_field.startswith('jira_') and jira_field not in self.known_field_list and str(value)[:1] == '#':
            self.deferred_settings.append(jira_field)
```

rishi360 commented 3 years ago

@nsano-rururu Could you please check the code according to the error? I guess this will be a problem for all other users who want to give "organization": ""

rishi360 commented 3 years ago

> Is Jira free to use? .. If you can use it, you can investigate the cause.

The Jira we are using is licensed. ElastAlert is used to create tickets in jira, but when we add a setting like `jira_organizations: "Test"`

then it does not create the ticket, and gives the error

response text = {"errorMessages":[],"errors":{"customfield_10800":"Operation value must be a number at array index 0"}}

This is what needs to be fixed. And this looks like a bug, @nsano-rururu

rishi360 commented 3 years ago

@Qmando can you look into this issue.

rishi360 commented 3 years ago

> @rishi360
>
> You have to fix it yourself.

I have not written this python code and have not even compiled it. The Elastalert Team needs to fix this bug.

rishi360 commented 3 years ago

> @rishi360
>
> Does that mean that the custom field you're looking for has already been created in Jira?

Yes, it is created in jira.

nsano-rururu commented 3 years ago

I don't think ElastAlert's Jira alerts support custom field Organizations. Looking at the implementation, it seems that only a small part of the custom field is supported.

nsano-rururu commented 3 years ago

@rishi360

Do you recognize it in my survey results?

rishi360 commented 3 years ago

Yes @nsano-rururu, I recognized it. I agree that ElastAlert's Jira alerts do not support the custom field Organizations. Let's keep this issue in the open state, so that a developer from the ElastAlert Team can implement this. Thanks.

nsano-rururu commented 3 years ago

I can't handle it, so let's wait for someone else to see this issue and handle it.
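
The failing `jira_args` in this thread carry `customfield_10800` as `[{'name': 'Test'}]` and `[{'name': 8}]`, while the API error asks for a number at array index 0. The sketch below is an added illustration, not ElastAlert's code and not written by any participant: it reproduces both payload shapes and pre-checks them before a ticket is sent. The function names, the `sd-customerorganization` schema item type and the name-to-ID mapping are assumptions.

```python
# Added illustration, not ElastAlert code. Function names and the schema
# item type are assumptions; the payload shapes come from the logs above.

# Assumed Jira schema for the Organizations field (customfield_10800 here).
ORG_SCHEMA = {"type": "array", "items": "sd-customerorganization"}
# Item types assumed to require bare numeric IDs in the REST payload.
NUMERIC_ID_ITEMS = {"number", "sd-customerorganization"}


def as_list(value):
    return value if isinstance(value, list) else [value]


def wrap_by_name(value):
    """Shape seen in the failing jira_args: every item becomes {'name': item}."""
    return [{"name": v} for v in as_list(value)]


def wrap_numeric_ids(value, name_to_id):
    """Resolve names to IDs and emit bare integers, e.g. 'Test' -> [8]."""
    ids = []
    for v in as_list(value):
        if isinstance(v, str) and not v.isdigit():
            if v not in name_to_id:
                raise KeyError(f"no organization ID known for {v!r}")
            v = name_to_id[v]
        ids.append(int(v))
    return ids


def precheck(schema, payload):
    """Return the index of the first item Jira would reject, or None."""
    if schema["type"] != "array" or schema["items"] not in NUMERIC_ID_ITEMS:
        return None
    for i, item in enumerate(payload):
        # bool is an int subclass in Python but is not a JSON number.
        if isinstance(item, bool) or not isinstance(item, int):
            return i
    return None


if __name__ == "__main__":
    lookup = {"Test": 8}  # constructed mapping; 8 is the ID quoted in the issue
    for rule_value in ("Test", 8):
        bad = wrap_by_name(rule_value)
        good = wrap_numeric_ids(rule_value, lookup)
        print(rule_value, bad, precheck(ORG_SCHEMA, bad), good, precheck(ORG_SCHEMA, good))
```

Both rule values from the thread, `"Test"` and `8`, end up wrapped in a `name` object and fail the check at index 0, which matches the identical HTTP 400 in both logs.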