Email Inbound Integration

This page describes how to integrate ilert with any tool that can send emails.

Email integration is the easiest way to integrate ilert with your monitoring system. Each email alert source in ilert has its own email address (e.g. As soon as your monitoring system sends an e-mail to this address, ilert will create an alert.

In ilert: create an email alert source

  1. Go to Alert sources and click on Add a new alert source

  2. Enter a name and select an escalation policy

  3. Chose Email as integation type

  4. Enter an email address for the alert source

  5. Save the email alert source

Your email alert source is now active. Any email sent to the email address will create an alert in ilert and trigger the alerting process using the alert source's escalation policy. The default setting creates an alert in ilert for each incoming email. The next section explains advanced settings, such as deduplicating or filtering emails.

Fine-tuning email integration

By default, ilert creates a new alert for every email sent to the alert source's email address. You can fine-tune this behavior by

  • adding email filter, which lets you filter emails based on defined conditions

  • modifying alert creation options

Email filters

Email filters allow you to ignore emails based on the content of the email's subject, body, or from address.

Alert creation


Open a new alert for every email

Each email sent to the alert source's email address will create a new alert.

Open a new alert for every new email subject

Alerts are de-duplicated based on the subject of the emails. Case sensivitiy and whitespaces are ignored. Deduplication considers only the emails of open alerts.

If, for example, a monitoring system sends two e-mails in succession with the same subject, a new alert is created for the first e-mail and the second e-mail is appended to the created alert in the event log.

Open a new alert only if all alerts in this alert source are in RESOLVED or ACCEPTED OR RESOLVEDstate

An email sent to the alert source's email address will only open a new alert if an open alert does not already exist; otherwise, the email will be appended to the last open alert. Example: You get alerted at 3 A.M. in the morning and accept the alert and decide to look at the problem the next morning. In the meantime, if a new (potentially critical) issue is reported to ilert, a new alert will be notified again. In this scenario, you need to chose ACCEPTED ir RESOLVED in the dropdown list.

Open and resolve alerts based alert keys extracted from emails

Use defined rules to link emails to the same alert based on matching substrings in the email subject or body. See Automatically resolve Alerts with Emails

Incident Resolution based on Emails

pageAutomatically resolve Alerts with Emails


Does ilert also process e-mails that are sent by forwarding to an alert source address?

Yes, ilert evaluates the TO , CC and BCC fields as well as the DELIVERED-TO header when processing email.

My monitoring system sends emails when an issue is recovered (e.g. RECOVERY emails in Nagios). Can ilert use these emails to resolve previously created alerts?

Yes, see Automatically resolve Alerts with Emails for further information

I need more examples that illustrate regex alert key extraction from emails, where can I find them?

Take a look here.

pageEmail Outbound Integration

Last updated