Email Parser
Configure parsing rules for monitoring emails from a non-standard tool.
The BigPanda Email Parser is a customizable integration that receives emails from a source system and translates the email data into BigPanda events.
| Supported Versions | Type |
|---|---|
| Plain-text | Inbound Email |
Ideal for monitoring tools and systems that do not support REST API, the email parser extracts alert data such as status and properties right from the email's subject or body. The parser supports text and HTML content.
Single Alert Payloads Only
Alerts should be configured to send individually to the parser.
A unique email parser must be configured for each source that will be sending emails to BigPanda. Each email source can only send to one BigPanda email parser at a time.
Automatic Retries
A failed email alert will attempt to retry up to 3 times unless there are payload errors that prevent it from processing.
For more information about the Email Parser, see the BigPanda University Open Integration Manager and Email Parser Course.
Extraction Rules
Default Rules
There are three pre-defined extraction rules. These rules can be customized, but cannot be deleted. Additional rules to extract additional properties can be configured.
Each rule can be configured to pull from the subject or body of the email.
Alert status
This lookup rule searches in the subject or body for specific strings. If there is a match, the defined status will be populated. If not, the next rule will be run. If none of the rules match, the default value will be populated.
Default mapping rules:
| Email Status | BigPanda Status |
|---|---|
| “Has been resolved” “resolved” | ok |
| “Unknown problem” | warning |
| “High severity” | critical |
- If none of these are matched, the default status is
critical
Regex Support
A regular expression (regex) can be used to extract status strings.
Primary Property Tag
This tag will be marked as the primary_property in BigPanda.
Mail source
Populated automatically from the “FROM” address and cannot be changed.
Secondary Property Tag (Optional)
This tag will be marked as the secondary_property in BigPanda.
We recommend configuring secondary properties when possible to help connect critical/warning events to their corresponding ok message.
Additional Properties
Custom tags can be extracted as defined during configuration. The following must be defined for each tag:
- Tag name - The custom tag must already exist in BigPanda. Tag names must meet the following requirements:
- Maximum length of 64 characters.
- Starts with a letter from a to z.
- Contains only lowercase letters (a-z), numbers (0-9), and some special characters, including underscores ( _ ) and hyphens ( - ) and cannot contain spaces.
- Source - Select either Subject or Body.
- Default Value - Set a string to function as the tag value if the extraction rule isn’t met.
- Extraction rule - The regex rule to extract the value from the email. The extraction rule cannot be empty for any configured tag.
File Limit
The parser can handle emails up to 10 MB
Previewing Sample Alerts
Use the sample email pane to easily preview and configure extraction rules for the parser. Copy the text of a sample email on the left, and the system will generate a sample alert based on the email values and configured settings.
Authorized Sources
Populate this field with the list of email addresses that will be sending emails to this parser. The * character acts as a wildcard. For example, if you would like to include all addresses from a certain domain, you can use *@bigpanda.io.
During configuration, BigPanda will automatically create a recipient address for the integration. As a standard, these email addresses use plus addressing (i.e. bpalerts+<SOMEVALUE>@bigpanda.io)
If your alerting system does not support plus addressing, contact BigPanda Support.
Install the Integration
Create an App Key
Create an app key in BigPanda.
Integration specific
You'll need a separate app key for each integrated system.
App Key Configuration in BigPanda
Configure Parsing Rules
Set rules on how BigPanda should extract alert data from each email
Email Parser Configuration
Configure the Monitoring Tool
Copy the destination address provided in the app.
Configure the monitoring tool to send alert emails to this email address.
Make any necessary configuration adjustments to ensure that outbound mail fits the rules configured in BigPanda
Uninstall the Integration
Deleting an integration requires that you remove the integration in both the integrated system and BigPanda. We recommend that you first uninstall the integration on the integrated system to prevent traffic from being sent and rejected by BigPanda, since the app key will not exist once you delete the integration in BigPanda.
Caution During Replacement
When replacing an existing integration with a new tool or system, we recommend configuring the new integration first to ensure no data is lost.
Deactivate Inbound Integration
If you want to stop sending data to BigPanda but don’t want to delete your integration, you can temporarily deactivate it.
To deactivate an inbound integration:
- In BigPanda, navigate to the Integrations tab and select the desired integration from the list. This will open integration details on the right side of the window.
- At the top of the integration details, click the Active/Inactive toggle next to the application name to change the status of the integration.
In the integrations list, inactive integrations will be marked with a gray bar.
Alert Resolution for Inactive Integrations
Any active alerts belonging to an inactive integration must be manually resolved or they will stay in the system until the auto-resolve window is reached.
Stop Sending Data to BigPanda
On the integrated system, disable any settings that send data to BigPanda.
Halt emails completely, or remove BigPanda from the recipient list.
Delete the Integration in BigPanda
Take the following steps to delete the integration from BigPanda:
- In BigPanda, navigate to the Integrations tab and select the desired integration from the list.
- In the integration details on the right of the page, click the trash icon, then confirm you want to delete the integration. The integration will be removed immediately.
️Automatic Alert Resolution for Deleted Integrations
All active alerts from the integration will be resolved after deletion.
Data Removal
This procedure does not remove any data from the integrated system.
Version and release information
v1.4.0
- UI Configuration Enabled
v1.0.0
- Initial release
Updated about 1 month ago