Even that setting also throwing the same error. But that still didn't work, im seeing the same errors. and certificate verify failed: unable to get local issuer certificate I have added the certificate of our Jira to SplunkTAJiraCloud/lib/certifi/cacert.pem and restarted splunk. As this is showing the error, I changed it to "http". REST Error 400: Bad Request - Failed to connect to validate domain. Self.protocol = self.input_itemsīut I gave correct protocol only as "https". 15:53:24,795 ERROR pid=10288 tid=MainThread file=base_modinput.py:log_error:69 | Get error when collecting events.įile "C:\Users\akarivarathara\Documents\SRE\Splunk\etc\apps\jira\bin\libs\modinput_wrapper\base_modinput.py", line 173, in stream_eventsįile "C:\Users\akarivarathara\Documents\SRE\Splunk\etc\apps\jira\bin\jira.py", line 307, in collect_eventsįile "C:\Users\akarivarathara\Documents\SRE\Splunk\etc\apps\jira\bin\jira.py", line 249, in extract 15:53:24,792 INFO pid=10288 tid=MainThread file=base_modinput.py: init:50 | Can not import package:libs_setup_util When I check the libs_jira.log, I am getting the below error: If I run any simple jql query also I am getting the results as "no results found". However, there is still no data in the specified indexer after several 60 second intervals have passed. 09:42:11,594 ERROR pid=12703 tid=MainThread file=base_modinput.py:log_error:69 | Get error when collecting events.įile "/opt/splunk/etc/apps/dpz_jira_plugin_search/bin/libs/modinput_wrapper/base_modinput.py", line 173, in stream_eventsįile "/opt/splunk/etc/apps/dpz_jira_plugin_search/bin/jira.py", line 307, in collect_eventsįile "/opt/splunk/etc/apps/dpz_jira_plugin_search/bin/jira.py", line 254, in extractĪfter removing the setup_util lines from the base_modinput.py, the errors stop. 09:42:11,593 INFO pid=12703 tid=MainThread file=base_modinput.py: init:50 | Can not import package:libs_setup_util There is no exception aside from the setup_utils - this is the only thing mentioned in the libs_jira.log for every execution:
Many things, but this does now work in my environment. Why it requires a space defies the logic behind csv format, but it must be there.įield limiting and a smart JQL are a must, because otherwise a massive amount of data is returned and your Splunk queries will have to be very selective. Also, make sure you separate your fields with a, followed by a " " - because the split in jira.py splits based on ", " ("Can not import package:" +ģ) The Python script appends "and updated > -5m" to the JQL, (5m is based on what nf has for interval) so make sure you wrap your JQL in ( ) so that it's treated as a complete query and the "and updated" logic gets applied after the JQL.Ĥ) If you use the "fields" limiter in the nf, you must have "updated" in the list or the jira.py fails.
tup_util_module = importlib.import_module(self.namespace + "_setup_util") this whole piece can be commented out of lib/modinput_wrapper/base_modinput.py: try: What module, path, or combination of both is required for this import to function?ġ) If you change the name of the Application to meet your organization's naming standards, make sure you change the jira.py line 84 to this: return "your_name_here"Ģ) You don't need the modinput. The strange thing is that there is no module called lib_setup_util in the Splunk Python distribution, or the O/S Python distribution, including python-libsĪctive internet searches regarding modular input yield nothing aside from a similar Splunk Add-on for Bamboo. 15:31:20,387 ERROR pid=36306 tid=MainThread file=base_modinput.py:log_error:70 | Get error when collecting events.įile "/opt/splunk/etc/apps/dpz_jira_plugin_search/bin/libs/modinput_wrapper/base_modinput.py", line 174, in stream_events
However, trying to use the interval based query and index method within nf it throws this error every execution: 15:31:20,386 INFO pid=36306 tid=MainThread file=base_modinput.py:_init_:51 | Can not import package:libs_setup_util As a part of this approach I required the data to be within relative from now to the last five mins, similar to the proof-of-concept works.Add-on for JIRA is installed and executes fine on-demand with config.ini when using things like: | jira jqlquery "Project='bob'" Not a SIEM solution though even though customer should be aiming for solutions that go beyond what a SIEM does, that is, a Security Intelligence platform. The intended purpose is to feed audit logs into Splunk to enable protective monitoring, such as detecting known bad behaviour will send alerts to the team for investigation/remediation. I have been ingesting data from JIRA API to Splunk.Īs a proof-of-concept to prove that JIRA can send data to Splunk is via updates from Kanban boards will be sent to Splunk using rest/api/2/search?jql=project+%3D+KANBAN+AND+updated+%3E%3D+-5m.
0 kommentar(er)
