Knowledge Base
API DocsIntegrationsPagerDuty UniversityPagerDuty CommonsContact SupportMy Support Tickets

Unified Alert Grouping

Unified Alert Grouping combines Content-Based Alert Grouping and Intelligent Alert Grouping with a flexible time window for increased precision and correlation control. Unified Alert Grouping will group alerts when alert content matches and Intelligent Alert Grouping determines alerts are similar. Alerts will group only when both conditions are satisfied.

📘

Availability

This feature is available with our PagerDuty AIOps add-on.

🚧

Required User Permissions

Users with the following roles can edit a service’s Alert Grouping settings:

  • Account Owner
  • Admin and Global Admin
  • User
  • Manager base role and Team roles

Enable Unified Alert Grouping

  1. Navigate to Services Service Directory and select the name of your desired service.
  2. Select the Settings tab and click New Grouping in the section Reduce Noise.
  3. Select Intelligent + Alert Content.
  4. Select whether you want alerts to be grouped if All or Any specified fields match.
    1. If All is selected, alerts will match when content is exactly the same.
    2. If Any is selected, alerts will match when at least of the fields is present.
  5. In the dropdown below Match alerts based on, select which alert field you'd like to match on before Intelligent Alert Grouping consider alerts' similarity.
  6. Optional: Click Add Field to add additional content-based matching criteria.
Configure Unified Alert Grouping

Configure Unified Alert Grouping

  1. Select the desired grouping time window for alerts on the service. The Recommended time window indicated in the dropdown uses historical service data to calculate the average time between alerts.
  2. Click Save Settings.

📘

Email Events

Please note that Content Based Alert Grouping does not support email integrations at this time.

Disable Unified Alert Grouping

To select a different grouping method, or to disable Alert Grouping all together, in the web app:

  1. Navigate to Services Service Directory and select the name of your desired service.
  2. Select the Settings tab and click Edit next to Reduce Noise.
  3. In the bottom-left, click Delete.
  4. In the confirmation modal, click Yes, turn off.

Unified Alert Grouping Behavior

Consider the following alerts:

Alert 1
Summary: “High CPU load on AWS EC2 instance” custom_details.source:”Datadog”

Alert 2
Summary: “High CPU load on AWS EC1 instance” custom_details.source:”Splunk”

Intelligent Alert Grouping by itself would likely detect these two as similar, and group them together. However, with the greater control that Unified Alert Grouping offers, you can specify to that alerts should only group if custom_detail.source matches.

As another example, in the following configuration, Unified Alert Grouping specifies that the host must match before Intelligent Alert Grouping considers alerts for grouping.

Unified Alert Grouping: custom_details.host

Alerts must match on custom_details.host

The incident in the following screenshot shows that the host name matched, and that the summary fields were similar enough for Intelligent Alert Grouping to group them together.

Updated 5 months ago

Learn more