Create Alert from Events Generated by Email

Nic Omaha · ‎12-19-2016

Hello! Here is what I am trying to accomplish. In this specific scenario I want an "Event" generated every time a email comes in with a system error. I then want to create an "Alert" on the 4th email that occurs in a 60 minute window. Here is where I am at so far

I currently have a inbound action reading these emails and creating "Events", here are the fields I am populating

These "Events" are then generating on the event table.

Here is where I am stuck or missing something to generate the "Alert" I set this up using the threshold feature but the documentation is kinda gray

It shoes the events are processing but here are the comments from the process

Any help or suggestions would be greatly appreciated on how I might accomplish what I am trying to do. I generally over complicate things.

Tony Branton · ‎01-08-2017

You're almost there. In the Event Rule you need to specify EMAIL ALERT for the Source field.

Event Management uses the Source field to match a class of incoming events to one or more Event Rules. The Filter criteria is then used to determine which Event Rule should be applied to process an event (when more than one Event Rule exists for a specific event source).

Nic Omaha · ‎01-09-2017

Thanks, I got that piece added and now it is applying the rule but nothing is happening. I get the following errors.

Tony Branton · ‎01-09-2017

You're not getting an error - the event rule you're applying is named "Error in receiving Delivery Survey" (you may want to change that).

The reason you're not getting an alert created is that the Severity field has no value. You need to set it to a value within the range 0-5 where 0=Clear, 1=Critical, 2=Major, 3=Minor, 4=Warning, 5=Information (try using 5 for now).

Note that you should provide values for the Node and Type fields also so the Message Key field can be automatically set - this will help with matching events to existing alerts for de-duplication, up/down pairing and severity escalation.

Tony Branton · ‎01-09-2017

BTW, once you have alerts being generated you'll need to configure an Event Rule with a Threshold condition to ensure that an alert is on created after 4 events have been received.

When you do this you need to use a value that's in the Additional Info field. In your example you have the JSON pair "Survey":"New Year" in the Additional Info field, so you'd set a Threshold condition with Survey = New Year and then look for 4 occurrences of the event within 3600 seconds (60 mins) as shown below.