Can event rule use event fields added by global rule?


We want to merge alerts from 2 different sources , one uses email integration, and one uses API integration. Currently the event rule can not work with email, and global ruleset can work with email.

I found they have same event filed(CEF) and wondering if they can work together. I have added same dedup_key and summary to global rule and event rule, and expected alerts matched to these two rules will be merged into single incident which have same dedup_key and summary set by rules.

However, it did not work. So I guess the event field on global rule and event rule are on different layer or something? Is there any way to merge them into single incident? Or do we want to wait until email will be supported by event tule?


Hello Kyouhei,

Many thanks for reaching out!

Yeah, Service Level event rules are not supported by Email Integrations

You can’t combine a email Alert with one from triggered off an API Integration.
Also can I point out that Incidents from a Service will have a different service key from that triggered using the Global Rulesets. You will find more details on Rulesets here

I hope that helps.