turbot/pagerduty
steampipe plugin install pagerduty

Table: pagerduty_incident - Query PagerDuty Incidents using SQL

PagerDuty Incident Management is a digital operations management platform that combines machine data with human data to improve visibility and agility across organizations. It helps teams to minimize business disruptions and improve the customer experience by providing real-time alerts and incident tracking. PagerDuty Incident Management allows organizations to manage incidents from any source, and it's trusted by thousands of organizations globally to improve their incident response.

Table Usage Guide

The pagerduty_incident table provides detailed insights into incidents managed through the PagerDuty platform. As an Operations or DevOps engineer, explore incident-specific details through this table, including current status, associated services, and urgency level. Utilize it to track and manage incidents, understand their impact, and plan for timely resolution.

Examples

List unacknowledged incidents for the last 30 days

Explore the recent incidents that have not been addressed in the past month. This is beneficial for prioritizing urgent tasks and understanding the backlog of unresolved issues.

select
incident_number,
summary,
urgency,
created_at,
assignments
from
pagerduty_incident
where
status = 'triggered'
and created_at >= now() - interval '30 days';
select
incident_number,
summary,
urgency,
created_at,
assignments
from
pagerduty_incident
where
status = 'triggered'
and created_at >= datetime('now', '-30 days');

List unacknowledged incidents with high urgency for the last 1 week

Determine the high urgency incidents from the past week that are still pending acknowledgment. This aids in prioritizing immediate action on urgent matters that have been overlooked.

select
incident_number,
summary,
urgency,
created_at,
assignments
from
pagerduty_incident
where
status = 'triggered'
and urgency = 'high'
and created_at >= now() - interval '7 days';
select
incident_number,
summary,
urgency,
created_at,
assignments
from
pagerduty_incident
where
status = 'triggered'
and urgency = 'high'
and created_at >= datetime('now', '-7 days');

List unacknowledged incidents assigned to a specific user for the last 3 days

Determine the areas in which urgent issues have not been acknowledged by a specific team member in the last three days. This helps to identify potential bottlenecks and ensures that critical incidents are addressed promptly.

select
i.incident_number,
i.summary,
i.urgency,
i.created_at,
p.email as assigned_to
from
pagerduty_incident as i,
jsonb_array_elements(i.assignments) as a
join pagerduty_user as p on p.id = a -> 'assignee' ->> 'id'
where
p.id = 'P5ISTE8'
and status = 'triggered'
and created_at >= now() - interval '3 days';
select
i.incident_number,
i.summary,
i.urgency,
i.created_at,
p.email as assigned_to
from
pagerduty_incident as i,
json_each(i.assignments) as a
join pagerduty_user as p on p.id = json_extract(a.value, '$.assignee.id')
where
p.id = 'P5ISTE8'
and status = 'triggered'
and created_at >= datetime('now', '-3 days');

List all unacknowledged incidents for the last 7 days

Gain insights into all the recent incidents that have not been addressed yet, within the past week. This can help prioritize urgent matters and streamline incident response.

select
incident_number,
summary,
urgency,
created_at,
assignments
from
pagerduty_incident
where
status = 'triggered'
and created_at >= now() - interval '7 days';
select
incident_number,
summary,
urgency,
created_at,
assignments
from
pagerduty_incident
where
status = 'triggered'
and created_at >= datetime('now', '-7 days');

Schema for pagerduty_incident

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
acknowledgementsjsonbA list of all acknowledgements for this incident. This list will be empty if the 'Incident.status' is resolved or triggered.
alert_countsjsonbDescribes the count of triggered and resolved alerts.
assignmentsjsonbA list of all assignments for this incident. This list will be empty if the 'Incident.status' is resolved.
bodyjsonbDescribes the additional incident details.
conference_bridgejsonbSpecifies the contact information that allows responders to easily connect and collaborate during major incident response.
created_attimestamp with time zone>, >=, =, <, <=The date/time the incident was first triggered.
descriptiontextThe description of the incident.
escalation_policyjsonbSpecifies the escalation policy assigned to this incident.
first_trigger_log_entryjsonbSpecifies the first log entry when the incident was triggered.
html_urltextThe API show URL at which the object is accessible.
idtext=An unique identifier of the incident.
incident_keytext=The incident's de-duplication key.
incident_numberbigintThe number of the incident. This is unique across your account.
is_mergeablebooleanIndicates whether the incident's alerts can be merged with another incident, or not.
last_status_change_attimestamp with time zoneThe time at which the status of the incident last changed.
last_status_change_byjsonbThe agent (user, service or integration) that created or modified the incident log entry.
pending_actionsjsonbA list of pending_actions on the incident. A pending_action object contains a type of action which can be escalate, unacknowledge, resolve or urgency_change. A pending_action object contains at, the time at which the action will take place. An urgency_change pending_action will contain to, the urgency that the incident will change to.
priorityjsonbSpecifies the priority set for this incident.
resolve_reasonjsonbSpecifies the reason the incident was resolved.
selftextThe API show URL at which the object is accessible.
servicejsonbSpecifies the information about the impacted service.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
statustext=The current status of the incident.
summarytextA short-form, server-generated string that provides succinct, important information about an object suitable for primary labeling of an entity in a client. In many cases, this will be identical to name, though it is not intended to be an identifier.
teamsjsonbThe teams involved in the incident's lifecycle.
titletextTitle of the resource.
typetextThe type of object being created.
urgencytext=The current urgency of the incident.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- pagerduty

You can pass the configuration to the command with the --config argument:

steampipe_export_pagerduty --config '<your_config>' pagerduty_incident