PagerDuty connector and action

edit

PagerDuty connector and action

edit

The PagerDuty connector enables you to trigger, acknowledge, and resolve PagerDuty alerts. In particular, it uses the v2 Events API.

To create this connector, you must have a valid PagerDuty integration key. For configuration tips, refer to Configure PagerDuty

Create connectors in Kibana

edit

You can create connectors in Stack Management > Connectors or as needed when you’re creating a rule. For example:

PagerDuty connector
Connector configuration
edit

PagerDuty connectors have the following configuration properties:

Name
The name of the connector. The name is used to identify a connector in the management UI connector listing, or in the connector list when configuring an action.
API URL
An optional PagerDuty event URL. Defaults to https://events.pagerduty.com/v2/enqueue. If you are using the xpack.actions.allowedHosts setting, make sure the hostname is added to the allowed hosts.
Integration Key
A 32 character PagerDuty Integration Key for an integration on a service, also referred to as the routing key.

Test connectors

edit

After you create a connector, use the Test tab to test its actions:

When you create a rule that uses a PagerDuty connector, you can use any of these types of actions. Rule recovery actions also support all types.

Acknowledge action
edit

When you test the acknowlege action, you must provide the de-duplication key for a PagerDuty alert:

PagerDuty params test
Resolve action
edit

Likewise when you test the resolve action, you must provide the de-duplication key:

PagerDuty params test
Trigger action
edit

When you test the trigger action, you must provide a summary for the PagerDuty alert:

PagerDuty params test

This action has the following properties:

Severity
The perceived severity of on the affected system. This can be one of Critical, Error, Warning or Info(default).
Event action
One of Trigger (default), Resolve, or Acknowledge. See event action for more details.
Dedup Key

All actions sharing this key will be associated with the same PagerDuty alert. This value is used to correlate trigger and resolution. This value is optional, and if not set, defaults to <rule ID>:<alert ID>. The maximum length is 255 characters. See alert deduplication for details.

By default, when you create rules that use the PagerDuty connector, the de-duplication key is used to create a new PagerDuty incident for each alert and reuse the incident when a recovered alert reactivates.

Timestamp
An optional ISO-8601 format date-time, indicating the time the event was detected or generated.
Component
An optional value indicating the component of the source machine that is responsible for the event, for example mysql or eth0.
Group
An optional value indicating the logical grouping of components of a service, for example app-stack.
Source
An optional value indicating the affected system, preferably a hostname or fully qualified domain name. Defaults to the Kibana saved object id of the action.
Summary
An optional text summary of the event, defaults to No summary provided. The maximum length is 1024 characters.
Class
An optional value indicating the class/type of the event, for example ping failure or cpu load.

For more details on these properties, see PagerDuty v2 event parameters.

Connector networking configuration

edit

Use the Action configuration settings to customize connector networking configurations, such as proxies, certificates, or TLS settings. You can set configurations that apply to all your connectors or use xpack.actions.customHostSettings to set per-host configurations.

Configure PagerDuty

edit

By integrating PagerDuty with rules, you can:

  • Route your rules to the right PagerDuty responder within your team, based on your structure, escalation policies, and workflows.
  • Automatically generate incidents of different types and severity based on each rule’s context.
  • Tailor the incident data to match your needs by easily passing the rule context from Kibana to PagerDuty.

To set up PagerDuty:

  1. From the Configuration menu, select Services.
  2. Add an integration to a service:

    • If you are adding your integration to an existing service, click the name of the service you want to add the integration to. Then, select the Integrations tab and click the New Integration button.
    • If you are creating a new service for your integration, go to Configuring Services and Integrations and follow the steps outlined in the Create a New Service section, selecting Elastic Alerts as the Integration Type. Continue with the connector creation in Kibana after you have finished these steps.
  3. Enter an Integration Name in the format Elastic-service-name (for example, Elastic-Alerting or Kibana-APM-Alerting) and select Elastic Alerts from the Integration Type menu.
  4. Click Add Integration to save your new integration.

    You will be redirected to the Integrations tab for your service. An Integration Key is generated on this screen.

    PagerDuty Integrations tab
  5. Save this key for use when you configure the connector in Kibana.