Let me start by apologizing for my lack of knowledge relating to perl scripting and RT as I am fairly new to both. I have been looking for a way to regex search the contents of an email-generated incident report for the username contained within the forwarded log, and populate a custom field in the report. I have already created the custom field “DLP User”, and set it to “on create” with the action of “user defined” and a blank template setting. The field has also been applied to the proper queue.
A ticket gets generated with the following content in the body of the email:
Source IP: 126.96.36.199
Source Port: 0
Source Username (from event): Bob, Smith
Source Network: other
I would like to extract the username “Bob, Smith” from the body and have it populate in the custom field “DLP User”. I think the action code should be something like:
Field => ‘DLP User’,
Value => $username
My main struggle is figuring out how to search the body of the email that generated the report. Does anyone have any experience doing something like this?