PagerDuty

Turn matches into PagerDuty incidents with explicit severity, routing keys, and custom detail payloads. Use pagerduty under alert: with your integration credentials.

Start with the Options section when wiring credentials and endpoints; the Full working example shows how they fit into a complete rule.

Options

Keys below match the ElastAlert 2 alerter. Shared rule fields such as alert_subject apply as described in Subject & body. Example fragments from the ElastAlert 2 reference appear indented under the option they illustrate (add your own name, type, index, and filter to make a full rule).

Required

  • pagerduty_service_key — Integration Key generated after creating a service with the 'Use our API directly' option at Integration Settings

  • pagerduty_client_name — The name of the monitoring client that is triggering this event.

Optional

  • pagerduty_event_type — Optional. One of trigger, resolve, or acknowledge. Defaults to trigger.

  • alert_subject — If set, this will be used as the Incident description within PagerDuty. If not set, ElastAlert 2 will default to using the rule name of the alert for the incident.

  • alert_subject_args — If set, and alert_subject is a formattable string, ElastAlert 2 will format the incident key based on the provided array of fields from the rule or match.

  • pagerduty_incident_key — When not set, PagerDuty triggers a new incident for each alert. When set to a unique string per rule, PagerDuty identifies the incident to which this event should be applied: if no open (unresolved) incident with this key exists, a new one is created; otherwise, the event is appended to the existing incident's log.

  • pagerduty_incident_key_args — If set, and pagerduty_incident_key is a formattable string, ElastAlert 2 will format the incident key based on the provided array of fields from the rule or match.

  • pagerduty_proxy — By default ElastAlert 2 will not use a network proxy to send notifications to PagerDuty. Set this option to hostname:port if you need to use a proxy. Only HTTPS is supported.

  • pagerduty_ca_certs — Set this option to True or to the path of a CA cert bundle or directory (e.g. /etc/ssl/certs/ca-certificates.crt) to validate the SSL certificate.

  • pagerduty_ignore_ssl_errors — By default ElastAlert 2 will verify the SSL certificate. Set this option to True if you want to ignore SSL errors.

PagerDuty V2 API: The options below that tune V2 payloads are described in Send an event to PagerDuty.

  • pagerduty_api_version — Defaults to v1. Set to v2 to enable the PagerDuty V2 Event API.

  • pagerduty_v2_payload_class — Sets the class of the payload (the event type in PagerDuty).

  • pagerduty_v2_payload_class_args — If set, and pagerduty_v2_payload_class is a formattable string, ElastAlert 2 will format the class based on the provided array of fields from the rule or match.

  • pagerduty_v2_payload_component — Sets the component of the payload (what program/interface/etc. the event came from).

  • pagerduty_v2_payload_component_args — If set, and pagerduty_v2_payload_component is a formattable string, ElastAlert 2 will format the component based on the provided array of fields from the rule or match.

  • pagerduty_v2_payload_group — Sets the logical grouping (e.g. app-stack).

  • pagerduty_v2_payload_group_args — If set, and pagerduty_v2_payload_group is a formattable string, ElastAlert 2 will format the group based on the provided array of fields from the rule or match.

  • pagerduty_v2_payload_severity — Sets the severity of the page (defaults to critical; valid options: critical, error, warning, info).

  • pagerduty_v2_payload_source — Sets the source of the event, preferably the hostname or FQDN.

  • pagerduty_v2_payload_source_args — If set, and pagerduty_v2_payload_source is a formattable string, ElastAlert 2 will format the source based on the provided array of fields from the rule or match.

  • pagerduty_v2_payload_custom_details — List of key:value pairs used as the content of the custom_details payload. For each pair, the provided value is first looked up as a key in the ElastAlert match; if that key exists, the corresponding value from the match is used. If no such key exists, the provided value is used literally.

  • pagerduty_v2_payload_include_all_info — If True, this will include the entire Elasticsearch document as a custom detail field called "information" in the PagerDuty alert.

Full working example

name: Example alert for PagerDuty
type: any
index: "*-*"
filter:
  - query:
      query_string:
        query: "level:error OR log.level:error"
alert:
  - "pagerduty"
pagerduty_service_key: "REPLACE_ROUTING_KEY"
pagerduty_client_name: "logit"
pagerduty_event_type: trigger
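To make the V2 option semantics concrete, the following added example (written for this page, not ElastAlert 2's own code) assembles the V2 event body for one constructed match: the *_args formatting convention, the custom_details match-key lookup with literal fallback, the severity check, and the dedup key derived from pagerduty_incident_key. The match-before-rule lookup order, the "<MISSING>" placeholder and the default source are assumptions, and the routing key is a placeholder.

```python
# Added example (not ElastAlert 2's own code). Lookup order (match first, then
# rule), the "<MISSING>" placeholder and the default source are assumptions.
VALID_SEVERITIES = {"critical", "error", "warning", "info"}

def fmt(template, args, rule, match):
    """'<option>_args' convention: positional str.format over the named fields."""
    if not args:
        return template
    return template.format(*[match.get(a, rule.get(a, "<MISSING>")) for a in args])

def build_v2_event(rule, match):
    """Assemble the V2 event (trigger / acknowledge / resolve) for one match."""
    if rule.get("pagerduty_api_version", "v1") != "v2":
        raise ValueError("V2 payload options require pagerduty_api_version: v2")
    severity = rule.get("pagerduty_v2_payload_severity", "critical")
    if severity not in VALID_SEVERITIES:
        raise ValueError(f"invalid pagerduty_v2_payload_severity: {severity!r}")
    # custom_details: each value is first tried as a key of the match; when the
    # match has no such key, the literal value is used unchanged.
    details = {k: match.get(v, v)
               for k, v in rule.get("pagerduty_v2_payload_custom_details", {}).items()}
    if rule.get("pagerduty_v2_payload_include_all_info"):
        details["information"] = match  # whole document under "information"
    payload = {
        "summary": fmt(rule.get("alert_subject", rule["name"]), rule.get("alert_subject_args"), rule, match),
        "severity": severity,
        "source": fmt(rule.get("pagerduty_v2_payload_source", "ElastAlert 2"),  # assumed default
                      rule.get("pagerduty_v2_payload_source_args"), rule, match),
        "custom_details": details,
    }
    for opt in ("class", "component", "group"):  # optional V2 payload fields
        if rule.get(f"pagerduty_v2_payload_{opt}"):
            payload[opt] = fmt(rule[f"pagerduty_v2_payload_{opt}"],
                               rule.get(f"pagerduty_v2_payload_{opt}_args"), rule, match)
    event = {"routing_key": rule["pagerduty_service_key"],
             "event_action": rule.get("pagerduty_event_type", "trigger"),
             "payload": payload}
    if rule.get("pagerduty_incident_key"):  # stable key: later events append to one incident
        event["dedup_key"] = fmt(rule["pagerduty_incident_key"],
                                 rule.get("pagerduty_incident_key_args"), rule, match)
    return event

RULE = {  # constructed rule fragment; the routing key is a placeholder
    "name": "Example alert for PagerDuty", "pagerduty_service_key": "REPLACE_ROUTING_KEY",
    "pagerduty_api_version": "v2", "pagerduty_v2_payload_severity": "warning",
    "pagerduty_incident_key": "auth-failures-{0}", "pagerduty_incident_key_args": ["host.name"],
    "pagerduty_v2_payload_source": "{0}", "pagerduty_v2_payload_source_args": ["host.name"],
    "pagerduty_v2_payload_custom_details": {"user": "user.name", "team": "sec-ops"},
}
MATCH = {"host.name": "web-01", "user.name": "alice", "message": "login failed"}  # constructed
```

Running build_v2_event(RULE, MATCH) yields a dedup_key of auth-failures-web-01, so repeated failures from the same host append to one open incident instead of paging separately.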

See also Context & links if you enrich incidents with Discover URLs via custom alert_text.