Knowledge Base
API DocsIntegrationsPagerDuty UniversityPagerDuty CommonsContact SupportMy Support Tickets

Time-Based Alert Grouping

Time-Based Alert Grouping automatically adds alerts to an open incident for a predetermined period. This feature is helpful for services that generate many alerts. Grouped alerts mean fewer incidents and interruptions for responders, richer context for triggered incidents, and lower resolution times.

📘

AIOps Feature

This feature is included with the PagerDuty AIOps add-on. If you would like to sign up for a trial of PagerDuty AIOps features, please read PagerDuty AIOps Trials.

Your service configuration must have AIOps enabled in order to use this feature. AIOps Service Configuration is in Limited General Availability. Please refer to Configurable Service Settings for more information and enablement steps.

📘

Legacy Availability

This feature is also available with Legacy Event Intelligence.

🚧

Required User Permission

You can edit a service's alert grouping settings if you have one of the following roles:

  • Account Owner
  • Admin and Global Admin
  • User
  • Manager base role and team roles
    • Manager team roles can only manage services associated with their team.

Enable Time-Based Alert Grouping

  1. In the web app, navigate to Services Service Directory and click your preferred service's name.
  2. Select the Settings tab and click New Grouping or Edit in the Reduce Noise section.
  3. Select Time only and select a duration from the dropdown.
The PagerDuty web app showing how to enable Time-Based Alert Grouping

Enable Time-Based Alert Grouping

  1. Click Save.

Disable Time-Based Alert Grouping

  1. In the web app, navigate to Services Service Directory and click the name of your desired service.
  2. Select the Settings tab and click Edit in the Reduce Noise section.
  3. In the bottom-left, click Delete. In the confirmation modal, click Delete again.
    • Note: This action cannot be undone.

Time-Based Alert Grouping Behavior

When you enable Time-Based Alert Grouping on a service, the first alert creates a new incident. Subsequent alerts add to that incident for the specified time period while the incident remains open (that is, triggered or acknowledged). If the incident resolves within the selected time period, the timer stops, and subsequent alerts do not group into that incident.

The timer restarts when the next alert on that service arrives and triggers a new incident. If the incident does not resolve within the selected time period, the incident remains open and the next alert triggers a new incident. Subsequent alerts group into the most recent incident.

If you select until incident is resolved for the duration of the timer, the first alert on the service triggers an incident and all subsequent alerts group into that incident until it resolves, regardless of how much time passes.

Time-Based Alert Grouping Example

This example uses a Shopping Cart service with a one-hour time-based alert grouping window.

TimeExample 1: Incident resolves within 45 minutesExample 2: Incident does not resolve within one hour
10:00 a.m.TRIGGER: An alert triggers and creates Incident 1. The one-hour timer begins, set to group all new alerts on the Shopping Cart service into Incident 1 until 11:00 a.m.TRIGGER: An alert triggers and creates Incident 1. The one-hour timer begins, set to group all new alerts on the Shopping Cart service into Incident 1 until 11:00 a.m.
10:07 a.m.ACKNOWLEDGE: Responder acknowledges Incident 1.ACKNOWLEDGE: Responder acknowledges Incident 1.
10:15 a.m.Five more alerts come in on Shopping Cart. Incident 1 now has six alerts, all triggered.Five more alerts come in on Shopping Cart. Incident 1 now has six alerts, all triggered.
10:45 a.m.RESOLVE: The responder resolves Incident 1. New alerts on the Shopping Cart service no longer group into Incident 1.Incident 1 remains in the acknowledged state and groups alerts.
10:55 a.m.TRIGGER: An alert comes in on the Shopping Cart service and creates Incident 2. A new one-hour timer begins, set to group all new alerts on the Shopping Cart service into Incident 2 until 11:55 a.m.An alert comes in on Shopping Cart and groups into Incident 1. Incident 1 now has seven alerts: three resolved, four triggered.
11:00 a.m.Incident 1 is resolved, Incident 2 is triggered with one alert.Incident 1 remains acknowledged, the timer expires, and PagerDuty no longer actively groups new alerts into Incident 1. Incident 1 is acknowledged with seven alerts.
11:10 a.m.An alert comes in and groups into Incident 2. Incident 2 now has two alerts.TRIGGER: An alert comes in and creates Incident 2. The one-hour timer begins, set to group all new alerts on the Shopping Cart service into Incident 2 until 12:10 a.m.

FAQ

Can I move grouped alerts to another incident?

If Time-Based Alert Grouping adds an alert to an incident that belongs better as part of a different incident, you can move the alert to another incident or create a new incident. For more information, read Move Alerts to Another Incident.

How does Time-Based Alert Grouping affect incident notifications?

While Time-Based Alert Grouping reduces notification noise, the specific number of times you receive notifications is based on your notification rules. For example, if a service has an acknowledgement timeout, responders receive notifications when the timeout expires.

How is Time-Based Alert Grouping different from alert deduplication?

Deduplication is configured on a per-integration basis and often requires specific event information, like an incident key or an alert key. When you have multiple integrations on a service, or your monitoring tool generates a variety of alerts, management can become increasingly difficult. Time-Based Alert Grouping allows you to group all incoming events on the service into the current incident for the specified time period, regardless of the monitoring tool (that is, the integration) that generates the original alert.

How is Time-Based Alert Grouping different from snoozing incidents?

Snoozing an incident keeps it from moving up the escalation chain and notifying you. Snoozing does not prevent new incidents from generating on a service.

Can I manually merge incidents?

Yes, Time-Based Alert Grouping does not affect your ability to manually merge incidents or move alerts from one incident to another. All grouped alerts merge into a single incident.

Can manually triggered incidents be grouped with Alert Grouping?

Manually triggered incidents do not create alerts, do not participate in Alert Grouping, and cannot merge into other incidents.

Will incidents created by REST API be grouped by Time-Based Alert Grouping?

No, like manually created incidents, the Incidents REST API bypasses alerts and directly creates incidents. Therefore, Time-Based Alert Grouping does not affect them.

This behavior also applies to any integrations that create incidents via REST API, for example, the ServiceNow integration.

Events sent via the Events API v2 work with Time-Based Alert Grouping.

Is there a limit to how many alerts can group into a single incident?

Yes, PagerDuty incidents are limited to 1,000 alerts. After reaching this limit, a new incident triggers and subsequent alerts continue to group into the most recent incident.


Updated 1 day ago

Learn more