Troubleshooting custom email integration rules

I am trying to solve some issues I am having with the custom rules I set up for an email integration I am using.

+++

Open and resolve alerts based on custom rules:

  1. Resolve an alert if any of the following conditions apply
  • The email subject contains Success:

Deduplicate based on the alert key found between “Success:” and the very end of the email subject

  1. Trigger an alert if any of the following conditions apply
  • The email subject contains Failure:

Deduplicate based on the alert key found between “Failure:” and the very end of the email subject

  1. Resolve an alert if any of the following conditions apply
  • The email subject contains now: Up

Deduplicate based on the alert key found between "[PRTG Network Monitor (XXX-XX-XXXX-XX)] " and “Down” in the email subject

  1. Resolve an alert if any of the following conditions apply
  • The email subject contains now: Warning

Deduplicate based on the alert key found between "[PRTG Network Monitor (XXX-XX-XXXX-XX)] " and “Down” in the email subject

  1. Trigger an alert if any of the following conditions apply
  • The email subject contains now: Down

Deduplicate based on the alert key found between "[PRTG Network Monitor (XXX-XX-XXXX-XX)] " and “Down” in the email subject

And discard any email that does not match any of the above rules

+++

Rules 1 and 2 work great but the alert emails from PRTG are not linking together and are not resolving. I tried escaping the special characters but that didn’t work. I did notice the Alert keys are using the entire subject field information instead of what the custom rules say to link together. Any help would be greatly appreciated.

+++

Example of the alert keys:

[PRTG Network Monitor (XXX-XX-XXXX-XX)] XXX-XXX-XXXXX Disk Free: E:\ Label:XXX-XXX-XXXXX_E Serial Number 1071c327 (SNMP Disk Free) Down ESCALATION REPEAT (10 % (Free Space) is below the error limit of 10 % in Free Space)

Hi Aaron!

When I compare the email subject example to your Email Management rules, I’m not seeing that it would have matched against any of them to trigger or resolve an incident. I searched for now, Failure and Success.

I do see Down instead of now: Down so I’m not sure if this was the rule it should have matched. If it did, it should capture XXX-XXX-XXXXX Disk Free: E:\ Label:XXX-XXX-XXXXX_E Serial Number 1071c327 (SNMP Disk Free) as the Alert Key to link the Down and Up emails together.

If you’d like to review specific examples, feel free to create a Support ticket providing the specific email subjects you wanted it match against the specific email management rule and the timestamp the email was sent. If the issue is then that they’re not linking together, please provide the corresponding email subject and timestamp for the email that should have auto-resolved which incident example. We’ll be able to check what the behaviour was for those logs.

Hello geeth,

Thank you for your help. I hadn’t noticed until you said that “now: Down” wasn’t in the subject line. PRTG was sending slightly different worded subjects depending on the alert, so I changed what PagerDuty should be looking for and it appears to be working beautifully.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.