Differentiate alert creation or incident creation based on email content

email-management

(Arpanbhagat5) #1

Hello there,
I have been trying a lot of things with email management features.
Is it possible to create just an alert and not trigger an incident for an email integration based on the contents of the email received by the integration.

Can someone please guide me in this regard?

Thanks,
Arpan


(John O'Donnell) #2

HI Arpan,

The only way to create an Alert and not have it create an Incident would be –

Using the contents of an email, you could add the Alert to an already open Incident by selecting ‘Create a new incident for each new alert subject’ in the Email integration side.

or

Use Alerts but have this suppressed, you can read more about suppression here.

Hope this helps, let me know if you have any more questions.

John


(Arpanbhagat5) #3

Hi John.

The solution that you shared will make all the alerts to not open incidents irrespective of their content.

Looking into how suppression based on event rules work.
PS: you shared the wrong link.

Regards,
Arpan


(Thomas Roach) #4

Using the Create a new incident for each new alert subject setting will not make all alerts unable to open incidents, it will instead create an incident if there isn’t one already open with that subject open, and then append any further incidents with the same subject to the open incident, until that incident is closed. Suppression will, of course, suppress the incident, ensuring an incident won’t be created but still allowing the alert to be viewed in the Alerts section.

I’m sure you’ve found the article link already, but if not, you can view it here.


(Arpanbhagat5) #5

Hello Thomas
Thank you for the information. I tried the triggered(suppressed) feature using service’s event rules settings, but that doesn’t work for a service which has just email integration.

I will try to explain what i am trying to achieve.

I have a service that I want to monitor and it has some email integration.
There are different kinds of alerts that come from that service.
We can understand the type of alert by the content of the alert (For eg. Subject, since it was an email integration)

  1. Now for some type of alerts(Error/critical) i want to create incident (Did this with regex of email management)
  2. For some alerts (info : Issue fixed), I want to use them for resolving already opened incidents (Did this with regex of email management)
  3. And for others (info, warning), I want to just save the alerts without creating any incidents (Couldn’t achieve this)

So, I am stuck in configuring the service so that I can do all the 3 things listed above.
I know it’s a little vague for you, but can you help me out here.

Thanks
Arpan


(John O'Donnell) #6

HI Arpan,

Thanks for updating us. The only way an Alert can be created and not trigger an incident is through Suppression, outside of this it is not possible.

However if you do have some examples of incidents you would like us to take a closer look at please email our support team on support@pagerduty.com, and we will happily check it out, we just wouldn’t want you sharing account details on an open forum.

Kind regards,
John


(Arpanbhagat5) #7

Hello John

I will try to formulate my case in an email later.
Thanks for the heads up on account details being posted publicly.

Thank you
Arpan