I would like to use an email or API from Kibana to add to an existing ticket if the key fields match (i.e. host and event fields match). This way I can configure Kibana to notify every N hours and as long as the ticket is open for a given issue, the successive notifications don't create new tickets.
An alternative is to have an Alert & Notification email generated when a ticket is closed. I can use this mechanism to suppress the event using Watcher in Elastic until the ticket is closed. I'm new to osTicket.
Ideas? Thanks!

The osTicket API only opens tickets and tasks. It does not update tickets.

osTicket matches emails to tickets using:

  • "mid" => Message-Id header of incoming mail
  • "in-reply-to" => Message-Id the email is a direct response to
  • "references" => List of Message-Id's the email is in response
  • "subject" => Find external ticket number in the subject line

So I just don't see a way that you would be able to match newly generated emails to old existing ones.

@ntozier That matches my analysis - thanks for verifying. Do you have an impression of how difficult it would be to add an email to the ticket close action? I'm thinking that we could use it to re-arm the Watcher event in Elastic.

You would have to locate where in the code the close action takes place and inject code to send an email.

I look at doing that once, and then just decided that it would be much easier to train my Agents to use a Canned Response and then select the status of Close when we are closing the ticket.

Write a Reply...