Home

Add Comment to incident fails with error 500

%3CLINGO-SUB%20id%3D%22lingo-sub-983160%22%20slang%3D%22en-US%22%3EAdd%20Comment%20to%20incident%20fails%20with%20error%20500%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-983160%22%20slang%3D%22en-US%22%3E%3CP%3EHi!%3C%2FP%3E%3CP%3EI've%20created%20a%20playbook%20to%20create%20incident%20in%20our%20ticketing%20system%20which%20then%20returns%20back%20ticketing%20system%20incident%20ID%20which%20I%20want%20to%20add%20as%20comment%20to%20Sentinel%20Incident.%20However%20it%20fails%20with%20error%20500%20and%20no%20explanation.%3C%2FP%3E%3CP%3EHere's%20an%20example%20workflow%2C%20where%20I%20have%20removed%20incident%20creation%20in%20ticketing%20system%2C%20however%20adding%20comment%20still%20fails.%20On%20another%20hand%2C%20using%20same%20connections%20adding%20tag%2Flabel%20to%20incident%20works%20fine.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F154866i6F79D41A038710DA%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_0.png%22%20title%3D%22clipboard_image_0.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EHere's%20an%20error%3A%3C%2FP%3E%3CDIV%3E%3CDIV%3E%3CSPAN%3E%7B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%22error%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%7B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%22code%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%3C%2FSPAN%3E%3CSPAN%3E500%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%22source%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%3C%2FSPAN%3E%3CSPAN%3E%22logic-apis-westeurope.azure-apim.net%22%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%22clientRequestId%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%3C%2FSPAN%3E%3CSPAN%3E%22ea454747-d040-4417-88c8-841d4cc5dd87%22%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%22message%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%3C%2FSPAN%3E%3CSPAN%3E%22BadGateway%22%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%22innerError%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%7B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%22debugInfo%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%3C%2FSPAN%3E%3CSPAN%3E%22clientRequestId%3A%20ea454747-d040-4417-88c8-841d4cc5dd87%22%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7D%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7D%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7D%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3ELogicApp%20with%20playbook%20has%20been%20registered%20in%20Azure%20AD%2C%20Azure%20Sentinel%20and%20Log%20Analytics%20Contributor%20roles%20have%20been%20added.%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3EService%20principal%20for%20API%20connection%20to%20Azure%20Sentinel%20has%20been%20created%20and%26nbsp%3BAzure%20Sentinel%20and%20Log%20Analytics%20Contributor%20roles%20have%20been%20added.%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3EI%20would%20appreciate%26nbsp%3Bany%20help.%20Thanks!%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3EGunars%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-983160%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Ecomment%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Elabel%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPlaybook%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-984281%22%20slang%3D%22en-US%22%3ERe%3A%20Add%20Comment%20to%20incident%20fails%20with%20error%20500%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-984281%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F444133%22%20target%3D%22_blank%22%3E%40GunarsL%3C%2FA%3E%26nbsp%3BI%20think%20that%20error%20can%20be%20resolved%20by%20re-authenticating%20your%20Sentinel%20connector%20however%20it%20will%20then%20throw%20another%20error%20about%20not%20returning%20proper%20JSON%20which%20Microsoft%20is%20working%20on%20resolving.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
GunarsL
New Contributor

Hi!

I've created a playbook to create incident in our ticketing system which then returns back ticketing system incident ID which I want to add as comment to Sentinel Incident. However it fails with error 500 and no explanation.

Here's an example workflow, where I have removed incident creation in ticketing system, however adding comment still fails. On another hand, using same connections adding tag/label to incident works fine.

clipboard_image_0.png

Here's an error:

{
"error": {
"code": 500,
"source": "logic-apis-westeurope.azure-apim.net",
"clientRequestId": "ea454747-d040-4417-88c8-841d4cc5dd87",
"message": "BadGateway",
"innerError": {
"debugInfo": "clientRequestId: ea454747-d040-4417-88c8-841d4cc5dd87"
}
}
}
LogicApp with playbook has been registered in Azure AD, Azure Sentinel and Log Analytics Contributor roles have been added.
Service principal for API connection to Azure Sentinel has been created and Azure Sentinel and Log Analytics Contributor roles have been added.
I would appreciate any help. Thanks!
Gunars
1 Reply
Highlighted

@GunarsL I think that error can be resolved by re-authenticating your Sentinel connector however it will then throw another error about not returning proper JSON which Microsoft is working on resolving.

Related Conversations
I want users to add New lines items in response
osman_124 in Microsoft Forms on
0 Replies
Teams Federation with S4B on premise
foxmuc in Microsoft Teams on
3 Replies
MSTeams Groups in outlook with macros disabled
ReadyorNot in Microsoft Teams on
0 Replies
Unknown Login Error
Alex_P3462 in Microsoft Teams on
0 Replies
Spelling Pop-Up Stuck on SharePoint List
aricornish in SharePoint on
0 Replies