Unified Alert Grouping

Combine Intelligent Alert Grouping's machine learning model with Content-Based Alert Grouping's precision

Unified Alert Grouping combines Content-Based Alert Grouping and Intelligent Alert Grouping with a flexible time window for increased precision and correlation control. Unified Alert Grouping will group alerts when alert content matches and Intelligent Alert Grouping determines alerts are similar. Alerts will group only when both conditions are satisfied.

📘

Availability

This feature is available with our PagerDuty AIOps add-on.

🚧

Required User Permissions

Users with the following roles can edit a service’s Alert Grouping settings:

  • Account Owner
  • Admin and Global Admin
  • User
  • Manager base role and Team roles

Enable Unified Alert Grouping

  1. Navigate to Services > Service Directory and select the name of your desired service.
  2. Select the Settings tab and click New Grouping in the section Reduce Noise.
  3. Select Intelligent + Alert Content.
  4. Select whether you want alerts to be grouped if All or Any specified fields match.
    1. If All is selected, alerts will match when content is exactly the same.
    2. If Any is selected, alerts will match when at least one of the fields is present.
  5. In the Select Fields dropdown, select which alert field you'd like to match on before Intelligent Alert Grouping considers alerts' similarity.

👍

View Alert Payloads

You can select fields from recent alerts by clicking See Recent Alerts. This will display a list of the service’s recent alerts. You can click an alert to view the alert’s payload and then click on the field you want to match on.

  6. Optional: Click Add Field to add additional content-based matching criteria.

  7. Select the desired grouping time window for alerts on the service. The Recommended time indicated in the dropdown uses historical service data to calculate the average time between alerts.

  8. Click Save Settings.

Disable Unified Alert Grouping

To select a different grouping method, or to disable Alert Grouping altogether, in the web app:

  1. Navigate to Services > Service Directory and select the name of your desired service.
  2. Select the Settings tab and click Edit next to Reduce Noise.
  3. In the bottom-left, click Delete.
  4. In the confirmation modal, click Yes, turn off.

Unified Alert Grouping Behavior

Consider the following alerts:

Alert 1
Summary: “High CPU load on AWS EC2 instance”
custom_details.source: “Datadog”

Alert 2
Summary: “High CPU load on AWS EC1 instance”
custom_details.source: “Splunk”

Intelligent Alert Grouping by itself would likely detect these two as similar and group them together. However, with the greater control that Unified Alert Grouping offers, you can specify that alerts should only group if custom_details.source matches.
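The two-gate behavior described above, as an added sketch for previewing a field choice on sample alerts; it is not PagerDuty code. Assumptions: `difflib` string similarity stands in for the Intelligent Alert Grouping model, Any is read as at least one selected field having equal values in both alerts, the time window is measured from a group's most recent alert, and all function names are hypothetical.

```python
from difflib import SequenceMatcher

def get_field(alert, path):
    """Resolve a dotted path such as 'custom_details.source'; None if absent."""
    for key in path.split("."):
        alert = alert.get(key) if isinstance(alert, dict) else None
    return alert

def content_matches(a, b, fields, mode="all"):
    """Content gate: compare the selected fields of two alerts ('all' or 'any')."""
    pairs = [(get_field(a, f), get_field(b, f)) for f in fields]
    hits = [x is not None and x == y for x, y in pairs]
    return all(hits) if mode == "all" else any(hits)

def looks_similar(a, b, threshold=0.8):
    """Similarity gate: an assumed stand-in, not the vendor's model."""
    return SequenceMatcher(None, a["summary"], b["summary"]).ratio() >= threshold

def group_alerts(alerts, fields, mode="all", window=300, unified=True):
    """Return groups of alert ids; an alert joins the first group passing every gate."""
    groups = []
    for alert in sorted(alerts, key=lambda x: x["ts"]):
        for group in groups:
            first, last = group[0], group[-1]
            if alert["ts"] - last["ts"] > window:
                continue  # outside the grouping time window (seconds)
            if unified and not content_matches(first, alert, fields, mode):
                continue  # content gate failed, similarity is never consulted
            if looks_similar(first, alert):
                group.append(alert)
                break
        else:
            groups.append([alert])
    return [[a["id"] for a in g] for g in groups]

# Constructed sample alerts: 1 and 2 mirror the alerts above, 3 is invented.
ALERTS = [
    {"id": 1, "ts": 0, "summary": "High CPU load on AWS EC2 instance",
     "custom_details": {"source": "Datadog"}},
    {"id": 2, "ts": 60, "summary": "High CPU load on AWS EC1 instance",
     "custom_details": {"source": "Splunk"}},
    {"id": 3, "ts": 120, "summary": "High CPU load on AWS EC2 instance i-0abc",
     "custom_details": {"source": "Datadog"}},
]

if __name__ == "__main__":
    print(group_alerts(ALERTS, ["custom_details.source"], unified=False))
    print(group_alerts(ALERTS, ["custom_details.source"]))
```

With similarity alone all three alerts land in one group; with the `custom_details.source` gate, the Splunk alert stays separate.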

As another example, in the following configuration, Unified Alert Grouping specifies that the host must match before Intelligent Alert Grouping considers alerts for grouping.

Alerts must match on `custom_details.host`

The incident in the following screenshot shows that the host name matched, and that the summary fields were similar enough for Intelligent Alert Grouping to group them together.

Alert grouping result