Knowledge Base
API DocsIntegrationsPagerDuty UniversityPagerDuty CommonsContact SupportMy Support Tickets

Dynamic Notifications

Add severity levels to incidents to support effective incident triage.

Dynamic Notifications allow you to generate alerts with severity fields. When an incident is generated from an alert, you can use its severity field to control incident urgency and how responders receive notifications. This feature reduces noise and ensures responders can focus on the most critical incidents.

📘

Pricing Plans

All pricing plans, with the exception of some legacy and specially negotiated plans, have access to Dynamic Notifications. Contact our Sales team if you want to switch to a plan with Dynamic Notifications.

Event/Alert Severity Levels

You can generate PagerDuty alerts with a severity field via a triggering monitoring tool that directly provides severity values, or you can set them using Event Orchestration.

When an incident is generated from an alert, PagerDuty uses the alert’s severity field to determine the urgency level. The values of this field must be one of the following:

  • critical
  • error
  • warning
  • info

📘

Case Sensitivity

Severity fields are case-sensitive. For example, the severity field Info (instead of info) produces an error: 'payload.severity' is invalid (must be one of the following: 'critical', 'warning', 'error' or 'info').

Severity and Urgency Mapping

Alert SeverityDescriptionDefault Incident UrgencyIncident Behavior
criticalA failure in the system's primary application.HighUses high-urgency notification rules and escalates if not acknowledged.
errorAny error that is fatal to the operation, but not the service or application.HighUses high-urgency notification rules and escalates if not acknowledged.
warningMay indicate that an error will occur if action is not taken.LowUses low-urgency notification rules, and it cannot escalate.
infoNormal operational messages that require no action.Low

(If appended to an incident, PagerDuty recommends suppressing info alerts)		Uses low-urgency notification rules, and it cannot escalate.
UnknownAutomatically chosen when a monitoring tool is not set, or cannot set the severity.HighUses high-urgency notification rules and escalates if not acknowledged.

Severity-to-urgency mappings are hard-coded (as shown below). Any incoming event without a severity defaults to high urgency.

A screenshot of the PagerDuty web app showing configuration options for Dynamic Notifications

Dynamic notifications

Configure Dynamic Notifications

🚧

Required User Permissions

Users with the following roles can configure Dynamic Notifications:

  • User
  • Admin
  • Manager base roles and team roles. Manager team roles can only manage services associated with their team.
  • Global Admin base roles
  • Account Owner

To configure Dynamic Notifications:

  1. Navigate to Services Service Directory.
  2. Select your preferred service.
  3. Select the Settings tab.
  4. In the Assign and Notify section, click Edit.
  5. In the How should responders be notified? dropdown, select Dynamic notifications based on alert severity.
  6. (Optional) Configure When incidents are not actioned, automatically with the following settings:
    1. Re-trigger acknowledged incidents after [x minutes] and re-notify assigned responders: Select the checkbox and your preferred time period.
    2. Resolve open incidents after [x minutes]: Select the checkbox and your preferred time period.
  7. Click Save Changes.

Any alert-created incidents on the service will now determine notification urgency according to the severity of their alerts. When an alert is added to an incident or its severity changes, the incident’s notification urgency is also updated. For example, an alert that changes from Warning to Critical updates the associated incident from Low to High, but a change from Critical to Warning does not reduce the incident’s urgency.

Non-alert incidents, such as those manually triggered or triggered through the Create Incidents API, will always have their urgency set by the service’s setting.

Edit or Disable Dynamic Notifications

  1. Navigate to Services Service Directory.
  2. Select your preferred service.
  3. Select the Settings tab.
  4. In the Assign and Notify section, click Edit.
  5. Edit your preferred settings.
    To disable Dynamic Notifications, select a different notification under How should responders be notified? dropdown.
  6. Click Save Changes.

Defined Support Hours

You can also use Dynamic Notifications in relation to a service’s defined support hours. You can set specific support hours and choose how you want to receive notifications during and outside those hours.

Notify based on support hours

Dynamic notifications based on support hours

To configure defined support hours:

  1. Navigate to Services Service Directory.
  2. Select your preferred service.
  3. Select the Settings tab.
  4. In the Assign and Notify section, click Edit.
  5. In the How should responders be notified? dropdown, select Based on support hours.
  6. Select the days of the week, hours, and time zone for your support hours.
  7. Under During support hours, use, select what type of notification urgency you want during support hours.
  8. Under Outside support hours, use, select what type of notification urgency you want outside of support hours.
  9. (Optional) Configure When incidents are not actioned, automatically with the following settings:
    1. Re-trigger acknowledged incidents after [x minutes] and re-notify assigned responders: Select the checkbox and your preferred time period.
    2. Resolve open incidents after [x minutes]: Select the checkbox and your preferred time period.
  10. Click Save Changes.

Upgrade Incident Notification Urgency

If multiple trigger events occur for the same alert, the alert's severity is set to the highest severity. For example, if an alert initially triggers on a Warning event, and then a Critical event occurs, the alert changes to Critical, and the associated incident changes from Low urgency to High urgency. If a subsequent Info event occurs, the incident remains High urgency. It does not downgrade to Low.

There are three ways you can bundle multiple alerts into a single incident:

  • Using the Alert Grouping feature: You can group alerts for a set period of time or until the incident resolves. While grouping is active, subsequent alerts roll up under a single incident. The incident uses the notification urgency that corresponds with the most severe alert grouped with it.
  • Manually merge the alerts’ parent incidents: The following example shows two alerts with different severity levels merged into a single incident. The initial alert had an info severity, and it created an incident with Low urgency. After merging the incidents, the remaining incident is marked as High urgency due to the second alert's severity level:
Upgrade incident notification urgency

Upgrade incident notification urgency

  • Using an alert dedup_key: With this method, a subsequent alert trigger replaces an existing alert.

PagerDuty Common Event Format

For integrations already mapped to the PagerDuty Common Event Format (PD-CEF), alerts of varying severities may be generated by default. For most integrations, alerts are set to critical by default; you must use Event Orchestration to change the desired severity.

Recommended Practices

  • For immediately actionable events, set a critical or error severity: This ensures that any associated incidents use high-urgency notification channels and escalate if not acknowledged.
  • For actionable events that do not require immediate attention, set a warning severity: This creates a low-urgency incident that does not escalate.
  • For non-actionable events, consider suppressing them and setting an info severity: Non-actionable events do not require incident response, so in most cases you should suppress them.

FAQ

How does the Dynamic Notifications feature interact with Incident Priority?

Incident Priority and Incident Urgency are separate properties that do not influence each other. Currently, you can set Priority manually on an existing incident or during manual incident creation using the Incident Create API or using Event Orchestration.

What if an alert does not have a severity attached?

Alerts created before November 2016 may not have severity information attached. However, since then, all alerts are generated with severity. The alert severity defaults to Critical if the emitting system, event transformer, or Event Orchestration does not specify severity. Events sent to the Events API v2 must include a severity.

What about email integrations?

Service-level email integrations do not send severity.

👍

Tip

You can send events to Event Orchestration's email integration key to add severity and incident priority.

Can I customize the severity-to-urgency mapping?

Currently, mappings are not customizable.

How do I set urgency if monitoring tools do not send it to PagerDuty?

Use Event Orchestration to set severities for incoming alerts on a service.

How does the Dynamic Notifications feature relate to PagerDuty CEF (PD-CEF)?

Integrations mapped to PagerDuty CEF (PD-CEF) automatically send severity. You can always send the severity information using the Events API v2.

How does the Dynamic Notifications feature relate to Alert Grouping?

You can group alerts into a single incident, either over a specific time period or for as long as the incident is open. As new alerts are added to an incident, its severity is set to the highest level. An incident's urgency is never downgraded.

Will Incident Log Entries (ILEs) update?

Yes, the Incident Log Entries (ILEs) are updated to indicate when severity sets incident urgency and when incident urgency is upgraded due to alert severity.

Updated 6 days ago

Learn more