What is the best practice for handling email notifications from monitoring systems into the service desk?
So this morning I came into a queue of around 50 tickets generated by the monitoring systems we use. This was expected as we are now piping email alerts into the service desk rather than a shared mailbox. Now the problem is the volume of new monitoring tickets is masking actual support issues as a new ticket is opened up for every alert status change. What I'm looking for is a way to consolidate the tickets automatically as they arrive.
For example:
1) Monitoring picks up an issue with a server and sends an email with the subject "Server IP 1.2.3.4 is DOWN"
2) An engineer either resolves the problem with the server or the alert is a "flap" and it resolves itself
3) The monitoring systems sends out another email with the subject ""Server IP 1.2.3.4 is UP" however this is added as a comment to the original alert ticket rather than a new ticket
The problem I face is associating the two emails with very similar, but different, subject lines to the same issue ticket. the alerts do come from the same sender and always the follow the same format if that makes a difference.
Any ideas?
