Common Event Format (PD-CEF)

Overview of the PagerDuty Common Event Format that is used to correlate similar items across integrations

The PagerDuty Common Event Format (PD-CEF) is a standardized alert format that allows us to correlate similar items across integrations and better understand the events from your environment. PD-CEF also allows you to view alert and incident data in a cleaner, more normalized way. You can also use PD-CEF to dynamically suppress non-actionable alerts using Event Rules.

PD-CEF details display at the top of alert and incident detail pages. They express common operations event concepts in a normalized, readable way.

Within the alerts table, the PD-CEF fields Severity, Summary, Source, Class, Component, and Group can be viewed in relation to your alerts. To customize the fields shown on this page, navigate to Incidents Alerts and click the Customize Columns button on the right side.

PD-CEF Fields

PD-CEF details map to the following fields. The table below outlines the name, type, and description of each value, as well as an example value for each.



Example Value




"PING OK - Packet loss = 0%, RTA = 1.41 ms"w
"Host 'acme-andromeda-sv1-c40 ::' is DOWN"

A high-level, text summary message of the event. Will be used to construct an alert's description.







Specific human-readable unique identifier, such as a hostname, for the system having the problem.


Enum {Info, Warning, Error, Critical}

Info, Warning, Error, Critical

Indicates the severity of the impact to the affected system.




When the upstream system detected / created the event. This is useful if a system batches or holds events before sending them to PagerDuty.



"High CPU"


"500 Error"

The class/type of the event.








The part or component of the affected system that is broken.







A cluster or grouping of sources. For example, sources “prod-datapipe-02” and “prod-datapipe-03” might both be part of “prod-datapipe”

Custom Details


{"ping time": "1500ms", "load avg": 0.75 }

Free-form details from the event.

PD-CEF fields as they appear on an individual alert

Events API v2

The Events API v2 offers an easier way to leverage PD-CEF fields in your alerts. Monitoring partners can now directly send in the PD-CEF format, giving you the benefit of the format without needing to manually convert your events. Custom monitoring can also leverage this format, to take advantage of the new PD-CEF display and workflow features in PagerDuty.

Review our developer docs for more information about the Events API v2 and how to use it.

PD-CEF is currently available for the following integrations:

  • AWS Cloudwatch
  • Azure
  • Datadog
  • Github
  • Logic Monitor
  • Microsoft OMS
  • Nagios
  • New Relic
  • Pingdom
  • PRTG
  • Sensu
  • Slack
  • Splunk
  • Wormly
  • Zabbix

Updated about a year ago

Common Event Format (PD-CEF)

Overview of the PagerDuty Common Event Format that is used to correlate similar items across integrations

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.