I often merge incidents to reduce the number of clicks I need to perform to resolve them. However, changing the priority of the parent incident is not inherited by the children, which means I anyhow have to modify every single incident. Would be nice if children automatically get assigned the same priority. (For info, my company uses the priority to reflect SOC2 severity levels)
Hello @emma.silberbrandt. Thanks for reaching out.
When you merge incidents in PagerDuty you are not defining which incident is the parent and which ones are child incidents. You are defining the incident where all alerts will be merged into. All other incidents will be resolved and their status will then be “Resolved (merged)”. Resolved incidents will have their timeline updated (mentioning the merge action and the unlinking of alerts on the resolved incidents) but they will not be linked to the target incident that is still active. That’s why you don’t see any actions cascading to resolved incidents. You can see more details here.
Still, can you give me more details on what you mean by “reduce the number of clicks I need to perform to resolve them”? Are you using Alert Grouping? Do you have people triggering incidents manually? Is it really important to track the priority on incidents that were merged (not acted upon)?
There might be more effective ways of achieving what you want. Thanks!
Hi Tiago. Thanks for explaining how the merging actually works.
To give you an example of “many clicks”: We have automated AWS CloudWatch Alerts monitoring the oldest message of my SQS queues. I had an issue where, say, 50 queues all went into alert because of the same underlying issue. Hence, I merged the incidents so that I eventually didn’t have to mark every single one of them Resolved. However, I still had to change the priority of every single one of them, because part of my company’s SOC2 auditing involves looking at past incidents, which are identified using the priority tag.
I don’t use Alert Grouping, nor do I have people triggering issues manually.
Do you have any advice?
I would recommend that you look into Intelligent Alert Grouping. This will allow you to reduce the number of incidents based on the payload of the incoming event and the timeframe in which they take place.
Take into consideration that this can only be applied on the service level, so if these SQS queues belong to different PagerDuty services they will not be grouped together.
For the SOC2 auditing requirement, you can set a default priority for all incidents that match a certain condition with Event Orchestration. The downside is that the priority of the incident that is active will not necessarily match the resolved (merged) ones.
If you really need to have a priority tag cascading from the active incident to the resolved (merged) incidents, you probably need to use our APIs, as we don’t have an easy way to do this from the incidents page.
I would recommend that you approach this in two steps. Hopefully the alert grouping feature will allow you to reduce the number of incidents generated and therefore make it easier for you to apply the priority you want in merged incidents.
Let me know if this helps.
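
One way to script the API step suggested above, as an added example that is not part of the thread and not PagerDuty's own code: it builds bulk `PUT /incidents` requests that set one priority on a list of incident IDs, and only sends them when asked. It assumes you already have the IDs of the resolved (merged) incidents and the ID of the priority, that the API accepts a priority change on resolved incidents, and a limit of 250 incidents per request; the function names, sample IDs and credentials are constructed placeholders.

```python
import json
import urllib.request

API_URL = "https://api.pagerduty.com/incidents"
BATCH_SIZE = 250  # assumed per-request limit of the bulk update endpoint

def build_batches(incident_ids, priority_id, batch_size=BATCH_SIZE):
    """Return one bulk-update payload per batch, skipping blank and duplicate IDs."""
    seen, unique = set(), []
    for raw in incident_ids:
        iid = raw.strip()
        if iid and iid not in seen:
            seen.add(iid)
            unique.append(iid)
    priority = {"id": priority_id, "type": "priority_reference"}
    return [
        {"incidents": [{"id": i, "type": "incident_reference", "priority": priority}
                       for i in unique[start:start + batch_size]]}
        for start in range(0, len(unique), batch_size)
    ]

def build_request(payload, api_token, from_email):
    """Build (but do not send) the PUT request for one batch."""
    return urllib.request.Request(
        API_URL,
        data=json.dumps(payload).encode("utf-8"),
        method="PUT",
        headers={
            "Authorization": f"Token token={api_token}",
            "Accept": "application/vnd.pagerduty+json;version=2",
            "Content-Type": "application/json",
            "From": from_email,  # the user recorded as making the change
        },
    )

def cascade_priority(incident_ids, priority_id, api_token, from_email, send=False):
    """Dry run by default: returns the requests; sends them only when send=True."""
    requests = [build_request(p, api_token, from_email)
                for p in build_batches(incident_ids, priority_id)]
    if send:
        for req in requests:
            with urllib.request.urlopen(req, timeout=30) as resp:
                resp.read()
    return requests

if __name__ == "__main__":
    sample = ["PAAA001", "PAAA002", "PAAA002", " "]  # constructed IDs; nothing is sent
    for req in cascade_priority(sample, "PRIORITY_ID", "API_TOKEN", "user@example.com"):
        print(req.get_method(), req.full_url, req.data.decode())
```

Review the dry-run output before passing `send=True`, and keep the API token out of the script itself, for example in an environment variable.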