Efficient way to retrieve incidents triggered by one agent

Hi, at my company we have an internal tool that allows us to trigger incidents in pager duty by sending an event.

One important requirement for us is to be able to identify which incidents were triggered by that tool. So far, we do this by adding some custom fields in the payload when creating the event. However, that forces us to list all open incidents and then retrieve the log entries for each one and then select those that have this metadata. As the size of the organization grows, this is slowing down this tool.

I have considered using the client field to identify the incidents created by the tool. However, even if I set it in the event that triggers the incident, later this information is not percent in the incident.

If you’re sending in Event API v2 formatted PD-Common Event Format (CEF) events, that raw data for all fields including source, component, group, and class, and anything in custom_details will be available in the incident’s first_trigger_log_entry record. Have you checked into this?

Hi Doug. As described in the question, this requires first listing all incidents and then retrieving the log entries for each one to check for the agent. What I’m looking at is to be able to filter the incident from the list without having the extra call for each one.

I am not aware of any other way that you could use other than getting all iterating over all incidents, or calling known incidents individually.