WARNING: Version 5.0 of the Elastic Stack has passed its EOL date.

This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.

Elastic Docs X-Pack for the Elastic Stack [5.0] Alerting on Cluster and Index Events Actions
« Slack Action Transforms »

PagerDuty Actionedit

Use the PagerDuty action to create events in PagerDuty. To create PagerDuty events, you must configure at least one PagerDuty account in elasticsearch.yml.

Configuring PagerDuty Actionsedit

You configure PagerDuty actions in the actions array. Action-specific attributes are specified using the pagerduty keyword.

The following snippet shows a simple PagerDuty action definition:

"actions" : {
  "notify-pagerduty" : {
    "transform" : { ... },
    "throttle_period" : "5m",
    "pagerduty" : {
      "description" : "Main system down, please check!" 
    }
  }
}

Description of the message

Adding Meta Information to a PagerDuty Incidentedit

To give the PagerDuty incident some more context, you can attach the payload as well as an array of contexts to the action.

"actions" : {
  "notify-pagerduty" : {
    "throttle_period" : "5m",
    "pagerduty" : {
      "account" : "team1",
      "description" : "Main system down, please check! Happened at {{ctx.execution_time}}"
      "attach_payload" : true,
      "client" : "/foo/bar/{{ctx.watch_id}}",
      "client_url" : "http://www.example.org/",
      "context" : [
        {
          "type": "link",
          "href": "http://acme.pagerduty.com"
        },{
          "type": "link",
          "href": "http://acme.pagerduty.com",
          "text": "View the incident on {{ctx.payload.link}}"
        }
      ]
    }
  }
}

Pagerduty Action Attributesedit

Name Required Description

account

no

The account to use, falls back to the default one. The account needs a service_key_api attribute.

Table 39. Pagerduty Event Trigger Incident Attributes

Name Required Description

description

yes

A quick description for this event

event_type

no

The event type to sent. Must be one of trigger, resolve or acknowledge. Defaults to trigger.

incident_key

no

The incident key on the pagerduty side, also used for de-duplication and allows to resolve or acknowledge incidents.

client

no

Name of the client triggering the incident, i.e. Watcher Monitoring

client_url

no

A client URL to visit to get more detailed information.

attach_payload

no

If set to true the payload is attached as a detail to the API call. Defaults to false.

contexts

no

An array of objects, that allow you to provide additional links or images in order to provide more context to the trigger.

You can configure defaults for the above values for the whole service using the xpack.notification.pagerduty.event_defaults.* properties as well as per account using xpack.notification.pagerduty.account.your_account_name.event_defaults.*

All of those objects have templating support, so you can use data from the context and the payload as part of all the fields.

Table 40. Pagerduty Event Trigger Context Attributes

Name Required Description

type

yes

One of link or image.

href

yes/no

A link to include more information. Must be there if the type is link, optional if the type is image

src

no

A src attribute for the image type.

Configuring PagerDuty Accountsedit

You configure the accounts Watcher uses to communicate with PagerDuty in the xpack.notification.pagerduty namespace in elasticsearch.yml.

To configure a PagerDuty account, you need the API integration key for the PagerDuty service you want to send notifications to. To get the key:

  1. Log in to pagerduty.com as an account administrator.

  2. Go to Configuration > Services and select the PagerDuty service. The service must use the API integration.

    pagerduty services

  3. Click the Integrations tab and copy the API integration key.

    pagerduty integrations

To configure a PagerDuty account in elasticsearch.yml, at a minimum you must specify an account name and integration key:

xpack.notification.pagerduty:
  account:
    my_pagerduty_account:
      service_api_key: d3b07384d113edec49eaa6238ad5ff0

You can also specify defaults for the PagerDuty event attributes: .

xpack.notification.pagerduty:
  account:
    my_pagerduty_account:
      service_api_key: d3b07384d113edec49eaa6238ad5ff0
      event_defaults:
        description: "Watch notification"
        incident_key: "my_incident_key"
        client: "my_client"
        client_url: http://www.example.org
        event_type: trigger
        attach_payload: true

If you configure multiple PagerDuty accounts, you either need to set a default account or specify which account the event should be sent with in the pagerduty action.

xpack.notification.pagerduty:
  default_account: team1
  account:
    team1:
      ...
    team2:
      ...

Using SSL/TLS with OpenJDKedit

As each distributor is free to choose how to package OpenJDK, it may happen, that even despite the exact same version, an OpenJDK distribution contains different parts under different Linux distributions.

This can lead to issues with any action or input that uses TLS, like the jira, pagerduty, slack, hipchat or webhook one, because of missing CA certs. If you encounter TLS errors, when writing watches that connect to TLS endpoints, you should try to upgrade to the latest available OpenJDK distribution for your platform and if that does not help, try to upgrade to Oracle JDK.

« Slack Action Transforms »