Events API - Event Grouping into Incident

Would be great for the Events API to have a grouping_key so that similar alerts can be grouped under the same incident. dedup_key seems to send the first event and all subsequent ones with the same key are discarded rather than grouped.

I would like a grouping key as sometimes there are times where you want all alerts from a single node grouped if they came in together.

Time-based grouping only offers so much: while it will group all incidents within x minutes, you cannot provide additional criteria, such as group on time and node. Intelligent grouping takes too much time to train in this way.

Hi Bradford,

Many thanks for this. I have raised it as a Feature Request with the Product Team for consideration.

Cheers

Brad -

I’d recommend that you reach out to your account team and share this feedback. They can share upcoming product enhancements and early access details that may help you with this request.

Doug

Hi Doug, we are running into the same issue with grouping while integrating our monitoring tool via the Events API v2. We would like to group several alerts under the same incident. Would the Incidents API help in this case?

No, the incident API will not help. We have the following grouping options available, based on your plan. The only sure way to control event/alert grouping in most scenarios is using Content-Based Alert Grouping.

Deduplication - not grouping per se, but a fundamental concept for dealing with incoming alerts, whether being the same event/alert type (e.g. cpu utilization for a host) or other abstractions (e.g. service_foo) to ensure a single incident is created for that unique deduplication key. https://support.pagerduty.com/docs/event-management#section-deduplicating-incidents

Time-Based Alert Grouping (TBAG) - allows for rigid time-based window grouping (e.g. 5 min) with no control over what is grouped. Only recommended with a well-designed service taxonomy to ensure the desired grouping occurs, or for teams who own absolutely everything that may be grouped on that service. https://support.pagerduty.com/docs/time-based-alert-grouping

Content-Based Alert Grouping (CBAG) - allows for the definition of grouping “keys” using incoming event/alert data. For example, if all of your incoming events/alerts had a tag called “service”, you could then group any/all incoming events/alerts into an incident based on the value in the service tag. https://support.pagerduty.com/docs/content-based-alert-grouping

Intelligent Alert Grouping (IAG) - allows for automated grouping based on three pillars - time, similarity in the title/summary, and historical ‘training’ based upon responder actions (merging, unmerging incidents). https://support.pagerduty.com/docs/intelligent-alert-grouping

Check with your account team to see if you’re entitled to use some of these!