Discussions related to Microsoft 365 protection.

Feature Request: Structure all emails in predictable ways and include a "severity/priority" field

Post by absentpetti »

Hi Team,

We ingest all emails from our systems and vendors into an alerts management system.
This uses either webhook field mapping, or regex parsing of emails, to extract information from alerts/reports into usable information.

Included in this is the severity which we then base some automation around.
Items that are informational only are ingested as an alert only but don't trigger any further incidents or review by the helpdesk.
Items that are flagged as "error" or "critical" get raised as incidents at specific priority levels.

This requires us being able to reliably and predictably determine key word matching of certain fields extracted from the email.
Constantly changing the format of different types of emails we receive and not including clear severity/status/priority indicators in predictable locations make this almost impossible.

Currently we have a license changed notification trigger a ticket to be raised. I can't for the life of me figure out what in the alert caused that to happen. But it's almost certainly something to do with the lack of consistency and predictability of the emails we're receiving.

I would ask that all email notifications we're being sent be reformatted to follow predictable formats and include labelled fields. At a minimum the severity/priority of the email.

Looking at a recent backup completed email, its subject is "Backup User accounts backup completed successfully" and the body excerpt:

The backup "User accounts backup" for Ligeti Partners that finished on Thu Jul 17 2025 18:46:20 UTC+00:00 has completed with warning. 

Please view your backup logs for further details: <a button containing a link to "view logs">

I would ask that the information be structured and aligned to labels something like:
Backup job: <backup job name>
Status: informational/warning/success/failed
Date: <date+time stamp>
Logs: <link for further info/logging>
Message: <the rest of the body of the email>. Could be the same info in plain unstructured English.
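
Added example, not part of the original post and not code from the vendor: it runs keyword matching over the quoted subject and body, where the subject says "successfully" and the body says "warning", and then routes on the Status field of the labelled layout proposed above. The routing table, the action names, the `needs-review` fallback and the placeholder log URL are assumptions made for illustration.

```python
import re

# Constructed sample: the subject and body excerpt quoted in the post above.
SUBJECT = "Backup User accounts backup completed successfully"
BODY = ('The backup "User accounts backup" for Ligeti Partners that finished on '
        "Thu Jul 17 2025 18:46:20 UTC+00:00 has completed with warning.\n"
        "Please view your backup logs for further details:")

# Constructed sample in the labelled layout the post proposes (URL is a placeholder).
LABELLED = """Backup job: User accounts backup
Status: warning
Date: Thu Jul 17 2025 18:46:20 UTC+00:00
Logs: https://backup.example.invalid/logs
Message: The backup "User accounts backup" has completed with warning.
Status: failed would be plain text here, not a field."""

# Assumed routing table (hypothetical action names, not from any product).
ACTIONS = {"informational": "alert-only", "success": "alert-only",
           "warning": "incident-low", "failed": "incident-high"}

KEYWORDS = re.compile(r"\b(success|warning|fail|error|critical)\w*", re.I)
FIELD = re.compile(r"^(Backup job|Status|Date|Logs|Message):[ \t]*(.*)$")

def keyword_hits(subject, body):
    """Free-text matching: return every severity keyword found anywhere."""
    return {m.group(1).lower() for m in KEYWORDS.finditer(subject + "\n" + body)}

def parse_labelled(body):
    """Read 'Label: value' lines; everything after 'Message:' is free text."""
    fields, in_message = {}, False
    for line in body.splitlines():
        m = None if in_message else FIELD.match(line)
        if m:
            if m.group(1) in fields:
                raise ValueError("duplicate label: " + m.group(1))
            fields[m.group(1)] = m.group(2).strip()
            in_message = m.group(1) == "Message"
        elif in_message:
            fields["Message"] += "\n" + line
    return fields

def classify(body):
    """Route on the Status field only; anything unclear goes to a human."""
    try:
        status = parse_labelled(body).get("Status", "").lower()
    except ValueError:
        return "needs-review"
    return ACTIONS.get(status, "needs-review")

if __name__ == "__main__":
    print(sorted(keyword_hits(SUBJECT, BODY)))
    print(classify(LABELLED), classify(BODY))
```

Sending unlabelled or duplicate-label mail to `needs-review` keeps an unexpected format change from silently raising or suppressing an incident.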