Sending duplicate RT queries to the same ticket?

Hi,

I’m looking for a way to have multiple ticket e-mail submissions all end up on
the same ticket whenever the To:, From:, and Subject: fields are all identical
and they are all sent within X hours from each other.

Here’s a hypothetical example that illustrates a situation similar to what I’m
dealing with:

Suppose company example.com has several machines all being monitored by
monitor.example.com. The monitor machine has a cron job that checks all the
machines every 5 minutes. Whenever it finds one of the machines not
responding, it sends out an e-mail to a mailing list such as this:To: sysadmins@example.com
From: root@monitor.example.com
Subject: Server abc.example.com DOWN

The machine is down, somebody go kick it.

It would be really nice if sysadmins@example.com could be a RT queue instead
of just a mailing list. But the problem is, the monitor is going to send out
this exact same message every 5 minutes until the machine is fixed (and we do
not want to change that functionality). So, this would mean every 5 minutes,
there would be a new ticket generated for the same issue, which somebody would
need to manually merge.

It would be much better for me if we could have one ticket created, which got
a new attachment added every 5 minutes. BUT, if we go several days without any
more problems with server abc, then any new errors for abc should then be put on
a new ticket because it would then be a new issue.

Has anybody ever done anything like this before?

Thanks,
-Dan

Daniel J. Wright wright@pair.com
Lead Software Developer, pairNIC https://www.pairnic.com
pair Networks, Inc. http://www.pair.com

I’m looking for a way to have multiple ticket e-mail submissions
all end up on the same ticket whenever the To:, From:, and Subject:
fields are all identical and they are all sent within X hours from
each other.

Here’s a hypothetical example that illustrates a situation similar
to what I’m dealing with:

You example is about NOC software. I’d probably do this by using a
custom interface between the NOC software and RT. Assuming the NOC
software has some sort of incident-id, I’d create a CF to hold the id,
and have the noc software check to see if anything exists. Then append
or create appropriately.

seph

I’ve done this by having monitoring software send out notifications with
a ticket number in the subject. That way, you just end up with the a
ticket getting reopened every time a particular event happens.

Dan Wright wrote:

You example is about NOC software. I’d probably do this by using a
custom interface between the NOC software and RT. Assuming the NOC
software has some sort of incident-id, I’d create a CF to hold the id,
and have the noc software check to see if anything exists. Then append
or create appropriately.

Seems sort of complex. I was hoping for a way to make RT do what I want instead
of writing something else so that I can do what RT wants me to do.

Thanks anyway,
-Dan

Dan Wright wrote:

I’m looking for a way to have multiple ticket e-mail submissions all end up on
the same ticket whenever the To:, From:, and Subject: fields are all identical
and they are all sent within X hours from each other.

Logically, the way to do this is to write a scrip that

(1) Performs a search that returns the Ticket you’re looking for, then
(2) Merge the current ticket into the found ticket.

Unfortunately, I know how to do neither :frowning: It’s also going to make the
load on your RT server shoot through the roof, since every new ticket is
going to perform a search.

Rick R.