Event Orchestration Examples
Event Orchestration is a highly customizable suite of features and capabilities. The examples on this page are taken from real-world customer use cases, which you're welcome to replicate in your own PagerDuty account.
If Events Match Certain Conditions
In this example, we will create a routing rule that routes events to a service when matching conditions are met.
- Create a routing rule and, under When should events be routed here?, select If events match certain conditions.
- Indicate the event conditions that you would like the orchestration to match using one of the following methods:
Method | Description |
---|---|
Base conditions on incoming JSON | Depending on your account's activity, you may have recent events appear on the left side of the screen if events have been sent to the incoming event source. View these events to determine which values to use. |
Events sent through the API | You will use the JSON field names directly (e.g., summary ). For nested fields, separate names with a dot (. ) (e.g., payload.taskid ). If you are sending data through additional fields, enter them exactly as they are sent to PagerDuty. For example, if your events have a tags field, enter that field name in your rule condition as tags . |
Events sent through email | Note: The following functionality will only work when you send emails to a global email integration address. It will not work for emails sent directly to a service-level email integration. Rules may be based on the content of an email by entering the appropriate email field as custom details in the event field. The email subject will be used as a default deduplication key. In other words, emails with the same subject line will automatically be deduplicated. To change this behavior, add a custom deduplication key with an orchestration rule action. The most common email fields are: - event.custom_details.from[0] (the from address).*- event.custom_details.subject (the subject line)**- event.custom_details.plain_body (the email body)*The [0] refers to the 1st position in a list of emails. If you would like to generally search through a list of emails (either in the to field or the from field), please enter event.custom_details.from or event.custom_details.to .**For email-generated events, the field event.summary is populated with the same value as event.custom_details.subject (the email subject) by default. However, these are separate fields and their values may differ based on customer-specified configurations. |
- In the middle dropdown, select how the event should be filtered.
Filter Options | Description |
---|---|
- matches part - does not match part | The field contains/does not contain a value. |
- matches - does not match | The field equals/does not equal a value (this operation requires the field to be passed in as a string). |
- exists - does not exist | The field exists/does not exist. |
- matches regex - does not match regex | The field matches/does not match a regular expression. Regular expressions must use RE2 syntax. |
Negative Operations
Rules with negative operations, such as does not contain or does not equal, will match events that do not contain your specified value and events that do not contain the field at all. As an example:
- severity field does not equal
critical
- This will match events where the severity field does not equal
critical
and events that do not contain a severity field at all.If you'd like to avoid this, you must add an additional condition that matches only when the field exists. For example:
When all conditions are true:
- severity field exists
- severity field does not equal
critical
Note: You must select all conditions must be true for the rule to match.
- In the second value field, input the value that should be met from the payload. This can be a string or regular expression.
Case Sensitivity
Condition values in Event Orchestrations are case-insensitive.
For example, if a condition is set with
Summary
matches partDOWN
, this will match if theSummary
containsDown
,down
and other variations of the word.
- When additional conditions should be added, use the following options:
- + And: Additional conditions should be met.
- + New Condition: Create another set of conditions that should be met. A new condition block creates an
OR
operator of conditions that will also be evaluated alongside other blocks.
- Click Save to save your configuration.
Condition Limits
You can create up to 25 condition blocks within a rule, and you can have up to 64 operators (i.e.,
AND
,OR
), or a maximum of 2048 bytes (e.g., if you're using PCL) in a single condition block.
On a Recurring Weekly Schedule
Availability
Scheduled conditions are available with Advanced Event Orchestration.
In this example, we will create a routing rule that routes events to a service on a weekly recurring schedule.
- Create a routing rule and, under When should events be routed here?, select On a recurring weekly schedule.
- Enter appropriate times for Start and End, select your preferred Days of the week, and pick your Timezone.
- Click Save.
Advanced Configuration with the and
Operator
and
OperatorAvailability
Scheduled and threshold conditions are available with Advanced Event Orchestration.
This example details how to edit PCL to create an advanced condition that the UI does not natively allow for.
If you select one of the following options for When should events be routed here?, the UI does not offer a way to set an and
condition:
- On a recurring weekly schedule
- During a scheduled date range
- Depends on event frequency
You can work around this, however, by directly editing the PagerDuty Condition Language (PCL).
Say you'd like to route events to a service when the following conditions are met:
- The event's
source
matchesmainframe
. - It is Wednesday or Sunday between 11:00 a.m. and 12:00 p.m. Eastern.
The following PCL statement will meet these conditions: event.source matches 'mainframe' and now in Wed,Sun 11:00:00 to 12:00:00 America/New_York
.
Updated 27 days ago