An incident represents a problem or an issue that needs to be addressed and resolved. Incidents trigger on services, and a service's escalation policy prompts notifications to on-call responders to remediate the issue.

Incident Statuses

Triggered: An active service triggers an incident when it receives an event (that is, someone is on call and the service is not disabled or in maintenance mode). The incident escalates in accordance with the service's escalation policy. By default, PagerDuty sends notifications when an incident is triggered, but not when it is acknowledged or resolved. You can create notification rules — or use webhooks — to receive notifications when an incident is acknowledged or resolved.
Acknowledged: An acknowledged incident is being worked on but is not yet resolved. The user who acknowledges an incident claims ownership of the issue and halts the escalation process. While an incident is acknowledged, notifications are not sent until the acknowledgement timeout is reached. When the acknowledgement timeout is reached, the incident returns to triggered status and the escalation process resumes.
Resolved: The incident has been fixed. Once an incident is resolved, no additional notifications are sent. You can reopen it if further work is needed.

Priority, Urgency, and Severity

Priority is tied to incidents and specifies the order in which incidents must be addressed (for example, P1, Sev-1). Refer to Incident Priority for more information.
Urgency is tied to incidents and determines how you are notified when an incident is assigned to you (high or low). Refer to Notification Urgency for more information.
Severity is tied to alerts and describes the impact on a specific service or piece of infrastructure (for example, critical, warning, error). Refer to Event/Alert Severity Levels for more information.

Incident Lifecycle

1. Received Through Services

PagerDuty receives events from monitoring systems via integrations. An event creates an alert and an associated incident in PagerDuty.

📘
Note
Use Suppress alert to collect data without triggering an incident or notifying responders.

2. Assignment via Escalation Policies and Schedules

Unlike an alert or a suppressed event, an incident must be assigned to a user. The escalation policy determines to whom an incident is assigned. An escalation policy has one or more levels and can target either a schedule or a user. An incident escalates through the layers of an escalation policy until it reaches someone on call who is notified and assigned the incident. If the user fails to acknowledge the incident before the escalation timeout, the incident escalates to the next escalation level.

Incidents are only created when an escalation policy has an on-call user. If there is no one to assign an incident to when an event is sent to PagerDuty — due to a coverage gap on a schedule, for example — no incident is created.

3. Notifications via Push, Phone, Slack, Email, or SMS

Each user configures notification rules in their user profile. PagerDuty contacts users according to their notification rules until the incident is acknowledged, resolved, or escalated — either manually or due to escalation timeout.

4. Acknowledging and Resolving

Notifications allow responders to acknowledge that they are working on an incident or that it has been resolved. Depending on their permissions, users who are not currently assigned to an incident can acknowledge or resolve it on the Incidents dashboard in the web app.

Resolving an incident closes it, while acknowledging only halts escalation. If the incident is not resolved before the service's acknowledgement timeout expires, it retriggers and continues to escalate.

📘
Note
Alerts cannot be acknowledged — they can only be triggered or resolved. If all alerts in an incident are resolved, the incident is resolved. When an incident is resolved, all associated alerts are also resolved.

Incident Timeline

Each incident has a Timeline tab on the incident details page, showing timestamps of each incident status along with all actions taken and notifications sent from the incident.

You can filter the incident timeline by specific events and actions, making it easier to track particular types of updates or changes and review patterns throughout the incident.

Trigger/Declare an Incident

📘
Note on Terminology
Throughout PagerDuty documentation, you may see incidents referred to as being triggered or declared. Both terms describe the creation of a new incident in PagerDuty, but their usage reflects different contexts:

Triggered refers to incidents created automatically via integrations, monitoring tools, or event-driven workflows.

Declared refers to incidents created manually through the PagerDuty interface or API.

Regardless of how an incident is created, its initial status is always Triggered.

There are multiple ways to trigger PagerDuty incidents depending on your use case:

Trigger an Incident via Integration

It is a common workflow to integrate with a third-party platform (for example, a monitoring tool) and configure the integration to trigger an incident in PagerDuty when specific criteria are met. Visit the Integrations library for more information on integrating the products in your tool chain with PagerDuty.

📘
Event Orchestration
Event Orchestration centralizes your integrations by sending all your events to a single endpoint and routes alerts to the appropriate service based on the logic you provide.

Declare an Incident via Web App

You can manually create an incident from anywhere in the PagerDuty web app. Manually opening an incident triggers it and notifies the on-call responder(s). A common use case is to test notification rules or contact the on-call person to inform them about an issue on a particular service.

⚠️
Required User Permissions
All users except Limited Stakeholders and Full Stakeholders can manually trigger incidents.
Restricted Access and Observer users can only trigger incidents for Teams they are associated with.

📘
Availability
Depending on your account's pricing plan, the following features may not be available. Contact the Sales Team to upgrade your pricing plan.

In the top navigation bar, click + New Incident.
In the Create New Incident dialog, enter the following:

Field	Description
Title (Required)	Enter a title for the incident.
Incident Type (Required)	Select Base Incident.
Impacted Service (Required)	Select the impacted service for the incident.
Description (Optional)	Enter an incident description.
Urgency (Optional)	Assign an urgency level: High or Low. If you have configured support hours for the service, leave this blank to use the default urgency setting, or select an option to override it. Urgency can only be selected for enabled services. Refer to notification urgencies for more information.
Priority (Optional)	Assign an incident priority. Priority can only be selected for enabled services. Refer to incident priority for more information.
Assignee (Required)	Assign the incident by selecting an escalation policy or a user from their respective tabs. This selection overrides the service's escalation policy, and the incident notifies the selected escalation policy or user.
Add additional responders to help (Optional)	Add additional responders to the incident by selecting escalation policies and/or users from their respective tabs.
Add a conference bridge (Optional)	Add a conference bridge by selecting a preconfigured Conference Bridge from the dropdown.
Dial-in number (Optional)	Enter a dial-in number.
Meeting URL (Optional)	Enter a meeting URL.

Click Create Incident.

📘
Self-Assigned Incidents
If you assign a manually declared incident to yourself, PagerDuty does not notify you. The incident is in an Acknowledged state, as you are aware of it and working to resolve it.

Declare an Incident via Mobile App

Refer to declaring incidents in the mobile app for more information.

Trigger an Incident via API

Events API

If a service has an API integration, you can trigger an incident via the Events API by sending a properly-formatted POST request with your integration key. To find integration keys, navigate to Services Service Directory select the service Integrations tab click to the right of the integration.

📘
Developer Documentation
Refer to Events API v2 Overview for more information. Visit PagerDuty Samples for code samples in Ruby, Python, and PHP.

REST API

You can also trigger incidents using the REST API.

Declare an Incident via Email Integration

If a service has an email integration, you can trigger an incident by sending an email to the integration's email address. To view an email integration's address, navigate to Services Service Directory, select the service, click the Integrations tab, and click to the right of the integration.

When you send an email to the integration address, an incident is triggered on that service and appears in the Incidents tab.

Declare an Incident via Slack

If your account has the Slack integration configured, you can declare an incident using the Slack slash commands.

📘
Incident Trigger Limitations

An incident stops accepting new trigger events after receiving 100 events with the same deduplication key. After receiving 100 triggers, the Alerts Log stops showing more events. To send more events, resolve the incident first.

For an incident to trigger, at least one person must be on call per the service's escalation policy. If no one is on call, an incident does not trigger.

📘
High Open Incident Volume
For services with over 100K open incidents, the auto-resolve feature is automatically enabled. With this feature enabled, all new incidents for that service are auto-resolved after 24 hours and no further notifications are sent.
You cannot disable this feature unless the service's open incident count is reduced to under 100K. To reduce the count, use the update an incident API to bulk resolve incidents, or use the mass_update_incidents.py script to automate bulk resolution.

Acknowledge an Incident

There are multiple ways to acknowledge PagerDuty incidents depending on your use case:

Acknowledge an Incident via Web App

There are two ways to acknowledge an incident in the web app:

Acknowledge an Incident on the Open Incidents Page

Navigate to Incidents to view the Open Incidents page.
Select the checkbox to the left of the triggered incident to acknowledge.
Click Acknowledge in the actions menu bar.

Acknowledge an Incident on the Incident Details Page

Click an open incident's title to enter the incident details page.
Click Acknowledge in the actions menu bar.

Acknowledge an Incident via Mobile

Refer to acknowledging incidents in the mobile app for more information.

Acknowledge an Incident via API

Refer to the API Reference for more information.

Acknowledge an Incident via Slack

Refer to the Slack Integration User Guide for more information.

📘
Incident Acknowledgement Limitations
Each incident is limited to 100 acknowledgements. The limit for added responders is 1,000. If many responders need to be involved in an incident, adding responders may be a better approach.

Unacknowledge an Incident

If you accidentally acknowledge an incident, click More... on the incident details page and select Unacknowledge Incident.

Unacknowledging an incident returns it to a Triggered state, resumes the escalation process, and sends notifications again.

Resolve an Incident

There are multiple ways to resolve PagerDuty incidents depending on your use case:

Resolve an Incident via Web App

There are two ways to resolve an incident in the web app:

Resolve an Incident on the Open Incidents Page

Navigate to Incidents to view the Open Incidents page.
Select the checkbox to the left of the incident to resolve.
Click Resolve in the actions menu bar.

Resolve an Incident on the Incident Details Page

Click an open incident's title to enter the incident details page.
Click Resolve in the actions menu bar.

Resolve an Incident via Mobile

Refer to resolving incidents in the mobile app for more information.

Resolve an Incident via API

Refer to the API Reference for more information.

Resolve an Incident via Slack

Refer to the Slack Integration User Guide for more information.

Redact an Incident

⚠️
Required User Permissions
This action is only available to the Account Owner. Redaction cannot be undone, not even by PagerDuty Support.

If an incident contains sensitive information, the Account Owner can permanently delete the incident's details by selecting More... and clicking Redact Incident.

After confirming the redaction, the page reflects who redacted the data and when it was redacted.

📘
Incident Redaction and Analytics
Redacting deletes the incident description and incident key, but does not affect Analytics metrics associated with the incident.

FAQ

Why was an incident number skipped?

In the past, incidents started at #1 and never skipped a number. There are rare cases, however, in which PagerDuty is unable to create incidents quickly enough. To address this, you might notice "missing" incident numbers. PagerDuty never deletes incidents, so a skipped number means it was skipped at creation time. This does not indicate a problem.