guilhemmarchand / TA-jira-service-desk-simple-addon

Atlassian JIRA add-on for Splunk alert actions

[BUG] create Jira alert action fails when trigger condition is (number of results=0) #198

Open jeanblablatiste opened 2 weeks ago

jeanblablatiste commented 2 weeks ago

Hi,

Context

I want to create a Jira when there aren't any more events in an index. The "Open an issue in JIRA Service Desk" alert action doesn't work when there is no event in the Splunk alert search result.

Steps to reproduce

  1. Create an alert with the "Open an issue in JIRA Service Desk" alert action and the trigger condition "number of results is equal to 0"
  2. Notice the error in the _internal index, Splunk search: index=_internal action=jira_service_desk error :

ERROR sendmodalert [2583196 AlertNotifierWorker-0] - action=jira_service_desk STDERR - FileNotFoundError: [Errno 2] No such file or directory: '/opt/splunk/var/run/splunk/dispatch/scheduler_amVhbi1iYXB0aXN0ZS5jaGFydmV0QGJsYWJsYWNhci5jb20_YmxhYmxhY2FyX3NlYw__RMD52c0fee565e503f75_at_1730220840_21247/results.srs.zst'

Non-elegant workaround

  1. Create a Splunk report that creates events in a summary index when there are no more events in the first index (cf. Context paragraph), using the collect Splunk command
  2. Create a Splunk alert with trigger condition = "number of results > 0 in summary index"

Next steps

I can provide more detail if required!

Thanks!

jeanblablatiste commented 2 weeks ago

Ah! I've just seen I'm not on the latest app version (2.0.18); I'm on 2.0.16. I'll let you know soon if the error still occurs in 2.0.18.

jeanblablatiste commented 1 week ago

I confirm that the bug is also in v2.0.18, exact same behavior.
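The failure reported in this issue, handled defensively, as an added example that is not the add-on's own code: a custom alert action treats a missing results file as "zero results" instead of crashing, so an alert on silence can still open an issue. It assumes the payload's `results_file` points at a gzip-compressed CSV; `load_alert_results`, `build_issue` and the returned field names are hypothetical.

```python
import csv
import gzip


def load_alert_results(payload):
    """Return result rows for an alert payload; [] when no results file exists."""
    path = payload.get("results_file")
    if not path:
        return []
    try:
        # Open directly instead of checking os.path.exists() first: the
        # dispatch directory can be reaped between a check and the open.
        with gzip.open(path, "rt", encoding="utf-8", newline="") as fh:
            return list(csv.DictReader(fh))
    except FileNotFoundError:
        # Zero-result search: no results file was written, which is exactly
        # the condition the alert was configured to fire on.
        return []


def build_issue(payload):
    """Build hypothetical issue fields, covering the zero-result case."""
    rows = load_alert_results(payload)
    name = payload.get("search_name", "unknown search")
    if not rows:
        description = ("Search returned no events; the monitored source "
                       "may have stopped logging.")
    else:
        description = "Search returned %d result(s); first: %r" % (
            len(rows), rows[0])
    return {
        "summary": "Splunk alert: " + name,
        "description": description,
        "result_count": len(rows),
    }


if __name__ == "__main__":
    # Constructed payload: results_file points at a path that does not exist.
    sample = {
        "search_name": "index silent",
        "results_file": "/nonexistent/dispatch/results.csv.gz",
    }
    print(build_issue(sample))
```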