Can be done by choosing "extract through regex" as incident key email extraction.
A sample regex to parse a UUID v4 format is the following:
This regex will pull any UUID that matches anywhere in the email subject and use it as integration key to aggregate incoming emails into incidents.
A very common use case is a monitoring tool that sends emails containing the actual alert origin embedded in the text, like so:
Some static text (the alert origin) Some information about the state
These payloads are a perfect fit for iLert's key extraction and auto-resolve feature. Let's assume we have the following email subjects, which are sent to us in two consecutive emails:
Service: SuperService BayArea (bayarea.super) is CRITICAL
Service: SuperService BayArea (bayarea.super) is OK
We have to set up a regex that extracts the inner service identification, so that the extracted value can be used as the incident key. This lets us group the incoming emails into a single incident.
In both cases this regex will extract the text between Service: and is, in the example above SuperService BayArea (bayarea.super), which iLert will turn into an incident key hash to automatically map all other incoming emails with the same text to the incident.
By adjusting a few more settings in the email alert source's resolve options, we can also make use of the third part of the subject, the state, and let all subjects containing OK resolve open incidents automatically.
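The grouping and auto-resolve behaviour described above, as an added example that is not part of the iLert documentation. The regex, the use of SHA-256 as the key hash, and the function names `incident_key` and `replay` are assumptions made for illustration; the third sample subject shows why the pattern is anchored to the end of the subject.

```python
import hashlib
import re

# Assumed pattern, not taken from the iLert docs: the text between the static
# "Service:" prefix and the trailing "is <STATE>" is the alert origin.
SUBJECT_RE = re.compile(r"Service:\s*(?P<origin>.+?)\s+is\s+(?P<state>[A-Z]+)\s*$")
RESOLVE_STATES = {"OK"}  # states that close an open incident


def incident_key(subject):
    """Return (key_hash, state), or None when the subject does not match."""
    m = SUBJECT_RE.search(subject)
    if m is None:
        return None
    # Choice made in this example: collapse whitespace so "A  B" and "A B" group together.
    origin = " ".join(m.group("origin").split())
    # SHA-256 stands in for iLert's key hash, whose algorithm the page does not give.
    return hashlib.sha256(origin.encode("utf-8")).hexdigest(), m.group("state")


def replay(subjects):
    """Apply subjects in order; return the event log and the still-open keys."""
    open_keys, log = set(), []
    for subject in subjects:
        parsed = incident_key(subject)
        if parsed is None:
            log.append(("no_key", subject))
            continue
        key, state = parsed
        if state in RESOLVE_STATES:
            action = "resolved" if key in open_keys else "nothing_to_resolve"
            open_keys.discard(key)
        else:
            action = "appended" if key in open_keys else "opened"
            open_keys.add(key)
        log.append((action, subject))
    return log, open_keys


# Constructed sample subjects; the first two are the ones from the text above.
SAMPLE = [
    "Service: SuperService BayArea (bayarea.super) is CRITICAL",
    "Service: SuperService BayArea (bayarea.super) is OK",
    "Service: Billing is slow (eu.billing) is CRITICAL",  # " is " inside the origin
    "Weekly newsletter",  # does not match the pattern
]

if __name__ == "__main__":
    for action, subject in replay(SAMPLE)[0]:
        print(f"{action:>18}  {subject}")
```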
In action, the timeline will also show us how the incoming subjects change the status of the incident.
With the help of the alert source's email log, we can also see how the incoming emails are treated. Emails that fail to pass filters will also show up here, in case you need more information on why emails are not opening or closing incidents.