I’m looking for a way to have multiple ticket e-mail submissions all end up on
the same ticket whenever the To:, From:, and Subject: fields are all identical
and they are all sent within X hours from each other.
Here’s a hypothetical example that illustrates a situation similar to what I’m
dealing with:
Suppose company example.com has several machines all being monitored by monitor.example.com. The monitor machine has a cron job that checks all the
machines every 5 minutes. Whenever it finds one of the machines not
responding, it sends out an e-mail to a mailing list such as this:To: sysadmins@example.com
From: root@monitor.example.com
Subject: Server abc.example.com DOWN
The machine is down, somebody go kick it.
It would be really nice if sysadmins@example.com could be a RT queue instead
of just a mailing list. But the problem is, the monitor is going to send out
this exact same message every 5 minutes until the machine is fixed (and we do
not want to change that functionality). So, this would mean every 5 minutes,
there would be a new ticket generated for the same issue, which somebody would
need to manually merge.
It would be much better for me if we could have one ticket created, which got
a new attachment added every 5 minutes. BUT, if we go several days without any
more problems with server abc, then any new errors for abc should then be put on
a new ticket because it would then be a new issue.
I’m looking for a way to have multiple ticket e-mail submissions
all end up on the same ticket whenever the To:, From:, and Subject:
fields are all identical and they are all sent within X hours from
each other.
Here’s a hypothetical example that illustrates a situation similar
to what I’m dealing with:
You example is about NOC software. I’d probably do this by using a
custom interface between the NOC software and RT. Assuming the NOC
software has some sort of incident-id, I’d create a CF to hold the id,
and have the noc software check to see if anything exists. Then append
or create appropriately.
I’ve done this by having monitoring software send out notifications with
a ticket number in the subject. That way, you just end up with the a
ticket getting reopened every time a particular event happens.
You example is about NOC software. I’d probably do this by using a
custom interface between the NOC software and RT. Assuming the NOC
software has some sort of incident-id, I’d create a CF to hold the id,
and have the noc software check to see if anything exists. Then append
or create appropriately.
Seems sort of complex. I was hoping for a way to make RT do what I want instead
of writing something else so that I can do what RT wants me to do.
I’m looking for a way to have multiple ticket e-mail submissions all end up on
the same ticket whenever the To:, From:, and Subject: fields are all identical
and they are all sent within X hours from each other.
Logically, the way to do this is to write a scrip that
(1) Performs a search that returns the Ticket you’re looking for, then
(2) Merge the current ticket into the found ticket.
Unfortunately, I know how to do neither It’s also going to make the
load on your RT server shoot through the roof, since every new ticket is
going to perform a search.