PagerDuty Event Intelligence

PagerDuty Event Intelligence, built with automatic adaptive learning and team-centric workflows in mind, makes it easy for teams to cut through the noise so you can focus on what matters. With Event Intelligence, teams can automate common manual workflows, significantly reduce operational noise, and access rich context during incident triage to speed up response. This package consists of a suite of tools:



PagerDuty Event Intelligence is included in our Digital Operations plan. For Business and Professional plans, it is available as an add-on on top of your existing PagerDuty account. Event Intelligence is not available on Free accounts. Please contact our Sales Team if you would like to upgrade to a plan with this feature suite.

PagerDuty Event Intelligence diagramPagerDuty Event Intelligence diagram

PagerDuty Event Intelligence diagram

Alert Grouping

The default behavior on a service is to not group alerts, though users may manually move alerts to another incident. Alert Grouping, on the other hand, offers three methods to automate this process, depending on your organization’s needs:

Intelligent Alert Grouping

Intelligent Alert Grouping allows your responders to stay focused during a storm of alerts. When enabled on a service, Intelligent Alert Grouping uses a machine learning-based algorithm to automatically group related incoming alerts into a single open incident.

No rules or additional configuration is needed in order for this algorithm to start grouping alerts — it begins grouping automatically once enabled. Over time, the Intelligent Alert Grouping algorithm will readjust to the unique history of alerts on your service. It's a tool that gets smarter the more you use it.

Intelligent Alert Grouping weighs various factors to determine when to group alerts. This includes recurring patterns in how responders have acknowledged, resolved and grouped incidents in the past, as well as alerts previously grouped via the Time-Based Alert Grouping feature.

To learn more about this feature, please read Intelligent Alert Grouping. If you'd like to preview how Intelligent Alert Grouping might group your alerts before you enable it, refer to Preview Intelligent Alert Grouping feature.

Intelligent Alert GroupingIntelligent Alert Grouping

Intelligent Alert Grouping

Content-Based Alert Grouping

Content-Based Alert Grouping is a feature that allows service administrators to configure grouping based on their preferred, user-defined fields. Accounts working with predictable, homogenous alert data can now customize how alerts are grouped without having to train the algorithm on their specific data. With Content-Based Alert Grouping, alerts that share an exact match on the selected field will be grouped together into the most recent open incident. If an incident remains open for 24 hours, grouping stops and any future alerts will trigger a new incident. Similar to other alert grouping mechanisms, Content-Based Alert Grouping will only group alerts on the same service.

To learn more about this feature, check out our article on Content-Based Alert Grouping.

Content-Based Alert GroupingContent-Based Alert Grouping

Content-Based Alert Grouping

Time-Based Alert Grouping

Time-Based Alert Grouping will automatically add incoming alerts into open incidents on a service to help keep you focused on the problem at hand. With Time-Based Alert Grouping enabled on a service, the first new incoming alert will create a new incident. Subsequent alerts will be added to that incident for the specified time period while the incident is open.

To learn more about this feature, check out our article on Time-Based Alert Grouping.

Time-Based Alert GroupingTime-Based Alert Grouping

Time-Based Alert Grouping

Intelligent Triage

Intelligent Triage offers responders two ways to gain more context about an incident:

Past Incidents

Getting notified of an issue can be stressful, especially if the incident appears unfamiliar or new. For responders, seeing similar, past incidents that have been resolved adds helpful context for an accurate triage that leads to shorter resolution time. You can see whether you or someone on your team was involved in a past incident, when these types of incidents happen, and dive into any of these incidents to discover what remediation steps were taken in the past.

To learn more about this feature, check out our article on Past Incidents.

Past IncidentsPast Incidents

Past Incidents

Related Incidents

The Related Incidents feature provides incident responders with the suggested 20 most recent related incidents that are impacting other responders and PagerDuty services. This feature uses a completely online and real-time machine learning algorithm to provide these insights, giving responders an at-a-glance view of the full breadth and scope of incident impact. Related Incidents extends our machine learning capabilities beyond noise reduction, enriching incidents with deep contextual insights to help responders coordinate an effective team response and mitigate business disruption.

To learn more about this feature, check out our article on Related Incidents.

Related IncidentsRelated Incidents

Related Incidents

Advanced Event Automation

The following features allow you fine tune your Event Rules:

Threshold Alerts

With Threshold Alerts, it is possible to receive PagerDuty notifications only when your customized alert conditions breach specified limits. In this way, responders effectively reduce alert noise without missing critical issues.

For more information about Threshold Alerts, please see our Rulesets article.

Threshold AlertsThreshold Alerts

Threshold Alerts

Add Notes

Notes can help responders resolve incidents faster by including information or links related to the system that generated the event. Notes are added automatically using Event Rules.

More information about adding notes can be found in our Rulesets article.

Add a note to an incidentAdd a note to an incident

Add a note to an incident

Scheduled Event Rules

You can gain a greater degree of control over your event rules by detailing a single specific time in the future in which they will be active. This is particularly helpful during rules testing and planned maintenance.

For more information about Scheduled Event Rules, visit our Rulesets article.

Scheduled Event RulesScheduled Event Rules

Scheduled Event Rules

Recurring Event Rules

If there are specific hours of the day or day(s) within a week when you would like an event to follow a particular rule, you can set its activity on an automatic, weekly recurring schedule. This feature is specific to each individual event rule and you can make additional changes, such as changing severity or priority based on time of day.

For more information about Recurring Event Rules, visit our Rulesets article.

Recurring Event RulesRecurring Event Rules

Recurring Event Rules

Paused Incident Notifications

Paused Incident Notifications allow rules to be set to create alerts, but pause incident creation and notifications for a predefined amount of time. During the pause period, new alerts will be viewable in the Alerts table with a Suspended status. These suspended alerts have new actions, allowing users to trigger an incident from the alert during the pause period, or resolve the alert, preventing the incident and its notifications from being created altogether.

For more information about Paused Incident Notifications, visit our Rulesets article.

Paused Incident NotificationsPaused Incident Notifications

Paused Incident Notifications

Disable Event Rules

If you would like to pause an event rule’s activity, you can disable and re-enable it at a later time. This feature allows you to manually disable specific integrations during maintenance or tool testing, for example.

For more information about Disable Event Rules, visit our Rulesets article.

Disable Event RulesDisable Event Rules

Disable Event Rules

Change Correlation

Change Correlation provides responders with three recent change events that are most relevant to an incident. Each change event will have context as to why it was correlated based on three key factors: time, related service, or intelligence (machine learning). With valuable context available at a glance, responders can triage incidents quickly and reduce time-to-resolution.

For more information, please see our article on Change Correlation.

Did this page help you?