Using Email Management Rules to Resolve Incidents

Follow

PagerDuty's email management feature allows you to automatically resolve incidents from email integrations by creating custom rules to parse messages and specify how they should be handled.

We have comprehensive guides to help you parse emails from Zendesk and JIRA, but you can also create management rules for emails that come from anywhere. This guide will explain how to create rules to parse emails from any monitoring tool.

Email management uses a set of rules that is applied to any incoming email. Each rule has two components:

  1. condition that tells PagerDuty if the email should create an incident, or resolve an existing incident

  2. An incident key that tells PagerDuty how to match one email with another email.

An example set of emails:

In the below example we'll start by setting up an integration from scratch, however, you can also add management rules to existing email integrations. If you already have an email integration set up, go to it, click Edit, then skip to "An important note of distinction...." below.

First, create a generic email integration. Once you've created your email integration, navigate to the Integrations tab in your service to edit the integration.To find the edit option, you can either click on the name of the integration itself, or click on the settings cog within the integrations list.

An important note of distinction when creating email management rules - when new events come in to PagerDuty, they must first meet the criteria defined in by Email Filters specified for an email integration. PagerDuty opens a new incident every time an email is received at the integration address by default, but this behavior can be adjusted with the Email Filters setting. In most cases you will probably use the default email filter, Accept all incoming email, however there might be instances in which you'd like PagerDuty to discard emails with specific criteria in order to eliminate extra "noise."

Once you've selected the appropriate Email Filter, you're ready to create a management rule. To do so, select Create and resolve incidents based on custom rules from the Email Management field.

Next:

  1. Specify if PagerDuty should trigger or resolve an incident and the criteria of the email

  2. Specify the incident key - the incident key de-duplicates emails that have the same identifiers and will append the email to an existing incident

  3. Optional - you can add additional criteria in the Custom Field if you'd like to extract additional data from the email

Note: If an email matches your "resolve" rule and there is no open incident for that email to resolve OR the email's incident key does not match an existing open incident, then we will discard the email (as opposed to having the email trigger a new incident).

Just as with Email Filters, you can use regular expressions to create complex management rules - however regular expression are not mandatory. You can review how to create a regular expression in Regular Expression Tips & Examples.

In some cases you may want to create an additional rule by clicking Add Another Rule. When you create multiple rules, PagerDuty will apply the first rule to the incoming email, and if it doesn't match it will attempt to apply the second rule. The hierarchy continues in this order until it reaches your last rule. There is a limit of ten rules per service.

 

Finally, if an email doesn't match any of the rules, PagerDuty will either create a generic incident or discard the email. Use the drop down menu to specify your preference - you can either create a generic incident or discard it (the email).

Have more questions? Submit a request

Comments