Alert Grouping on Email Integration

We are looking to perform Alert Grouping on some Services that are driven by Email Integration.

I’m aware that Intelligent Alert Grouping is the recommended method, but if we wanted to use Content-Based Alert Grouping would that be possible? - I can see that the field names do not lend themselves easily to Email alerts, however could we leverage it by overriding one of the fields via an Event Rule to set maybe Source to hostname? e.g. from Customize Events Fields > Replace Event Field, build some RegEx to extract hostname from the Message Body, then configure Content-Based Alert Grouping and select Source to be matched. If so, can you see any drawbacks to this approach?

Thanks
Chris

That’s the correct approach! You can extract and map in anything you want from your incoming email into those PagerDuty CEF fields (source, class, group, component, etc) to help in your grouping objectives. For some, the drawback tends to be having to create REGEX to extract what you need.