Advanced Email Management: Extracting Information with Regular Expressions


When using the regular expression (also called regex) option to create an incident key for email management rules, you will need to use a capture group, which in regex is defined as anything between a set of parentheses: ( ).

Capture group

A capture group will tell PagerDuty to create an incident key from the text contained within the parentheses. If the unique identifier within the capture group changes (i.e. a ticket ID # or host ID #) you can use \d+, which tells PagerDuty to capture all subsequent digits.

Similarly, if you want to capture a specific number of digits you could use \d to stand in place of each digit. For example, you could use \d\d\d\d or \d{4} if the unique identifier always contains 4 digits.

What if my unique identifier already has parentheses?

In some instances your unique identifier may already have parentheses around it. For example, let’s say you want to create an incident key based on the ticket numbers contained within the parentheses of this Zendesk email:

In this case you would use a backslash at the beginning; the backslash is an escape character that tells PagerDuty "the following character should be treated as text."


Specifics of PagerDuty's capture group implementation

PagerDuty's email management rules use Google's RE2 for regular expression handling, and additionally adds some custom behavior. Some specific things to be aware of:

  • You are not allowed to use nested groups, so if you try and use this regular expression, you will get an error while saving the service (([0-9])[0-9]).

  • If you give multiple capture groups, we will concatenate what is captured in each group together, using the - character. For example if you match ([a-z])([a-z]) against "ab", we will use "a-b" as the extracted data.

  • We always add two options to your regular expression (both of which are documented in the RE2 documentation) when extracting data.

    • s, which means that whenever you use the . special character in your extraction regex, this will also match newlines, as well as all the characters it regularly would.

    • m, this is called multi-line mode, which causes ^ and $ to match the beginning and end of lines in addition to beginning and end of the entire text.

    • A consequence of these two behaviors and regex greediness is that (.*)$ will match everything until the end of the document, so you should use \n if you just want it to match everything until the end of the line.

Tools - Cheat Sheet

Rubular is a Ruby regular expression editor and a great resource to double-check your regex, and provides a quick reference for common expressions.

Regex101 is another tool that can be used to test your regex.


Other options

One thing to note - it's not necessary to always use regex when building an incident key. Using the "all text between" drop down option is a quick and easy way to tell PagerDuty to create an incident key between A and B. Or if your incident key never changes you could use the "everything" drop-down.

Have more questions? Submit a request