Auto resolve from email - regex + rule help

We get emails from a legacy system, that I would like to join together to auto resolve. The first email will have the subject…

PROBLEM: SITE_OR_APPLICATION is CRITICAL on host HOST

…and the recovery email will have the subject…

RECOVERY: SITE_OR_APPLICATION is OK on host HOST

…where SITE_OR_APPLICATION is a description of the application or website having the problem and HOST is the name of the server on which it sits.

I’ve configured the email alerting so both emails create alerts, which is ok. However the “linking” doesn’t work, and I’d like to add a resolve rule too.

Could i get some help with the required regexes please?

The linking factor here is a combination of SITE_OR_APPLICATION and HOST, because we run the same apps on multiple hosts. Resolving can be done simply on the RECOVERY term…

Hi Chris,

You can create two rules in order to auto-resolve your email incidents.

Rule 1 should trigger an alert and contain PROBLEM. Rule 2 should resolve an alert and should contain RECOVERY.

In order to match the PROBLEM/RECOVERY alert key events correctly, your Regex will need to contain information that will grab a unique identifier from your SITE_OR_APPLICATION, whether within the subject of the alert or the body. Without knowing examples of your incoming events, we cannot determine exactly what Regex statements you will need to input. We recommend using Regex101.com or Rubular.com to test these capture groups.

If you would like additional assistance with your particular capture groups, feel free to write in to support@pagerduty.com so we can take a closer look at your details.

Cheers,
Hannah

Hannah, thanks for your response. SITE_OR_APPLICATION and HOST can be any string. Therefore the combination of the SITE_OR_APPLICATION and HOST values becomes the “linking key”, but i’m unclear how to specify this using regex. Does a specific regex group have to identify the key?

I’m going to try ^.*: (.*)is \w* on host (.*)$ as the key, this creates (according to https://regex101.com/r/GeXY1u/2) two groups, one that matches SITE_OR_APPLICATION and one that matches HOST, and accordning to the docs at https://support.pagerduty.com/docs/email-management-filters-and-rules#specifics-of-pagerdutys-capture-group-implementation this will create a key.

Hello Chris,

That’s OK. If the issue still persist and you require more assistance, please email support@pagerduty.com directly, referencing #267400 . We would require more details which we would rather you don’t post here.

Cheers