WebsiteAPI ReferenceLoginStart for Free

Email Inbound Integration

This page describes how to integrate ilert with any tool that can send emails.

Email integration is the easiest way to integrate ilert with your monitoring system. Each email alert source in ilert has its own email address (e.g. [email protected]). As soon as your monitoring system sends an email to this address, ilert will create an alert.

If you are migrating legacy email settings, please follow this guide for more info.

Create an email alert source

  1. Go to Alert sources and click on Create new alert source

  2. Select Email

  3. Enter a name and select an escalation policy

  4. Enter an email address for the alert source

  5. Click on Continue Setup

Your email alert source is now active. Any email sent to the email address will create an alert in ilert and trigger the alerting process using the alert source's escalation policy. The default setting creates an alert in ilert for each incoming email.

Fine-tuning email integration

All basic features of an alert source are available for the email alert source as well, but there are a couple of options to further fine-tune your alert source to the email use-case. Additionally, there are settings for custom processing rules only available for the email integration type.

Event filter

The event filter allows you to ignore emails based on the content of the email's properties, such as subject, body, cc, bcc and from.

In the above settings, only emails from [email protected] that contain the word PROBLEM in the subject will be accepted.

More information on event filters can be found here.

Alert key extraction

You can choose any email field to be used as an alert key, serving as a unique identifier for open alerts. When another email with the same alert key is received, it will be correlated to any open alert with the same alert key, resulting in correlation and deduplication of emails. The alert key field makes use of the ITL.

The subject of the email will be used as the alert key.

Custom processing rules

The email alert source allows for email-specific processing rules, determining when an incoming email should create, accept, or resolve an alert. A configuration via the ICL allows for complex rule setups.

Examples of such setups can be found here:

Automatically resolve Alerts with EmailsEmail Key Extraction and Resolve Examples

Representation of Non-ASCII text in the headers

Note that RFC 822 headers must contain only US-ASCII characters. To use non-ASCII characters in the headers, they must be encoded by the caller according to the rules of RFC 1342.

FAQ

Does ilert also process emails that are sent by forwarding to an alert source address?

Yes, ilert evaluates the TO , CC and BCC fields as well as the DELIVERED-TO header when processing emails.

My monitoring system sends emails when an issue is recovered (e.g. RECOVERY emails in Nagios). Can ilert use these emails to resolve previously created alerts?

Yes, see Automatically resolve Alerts with Emails for further information.

I need more examples that illustrate regex alert key extraction from emails, where can I find them?

Take a look here. Why do my alerts contain odd characters such as 'ö' ?

It seems like your email message does not follow the RFC 822 standard and contains Non-ASCII characters. Please refer to this section.

Related articles

Email Outbound Integration
PreviousElastic Watcher IntegrationNextEmail Key Extraction and Resolve Examples

Last updated

Was this helpful?