turbot/pagerduty
steampipe plugin install pagerduty

Table: pagerduty_incident_log - Query PagerDuty Incident Logs using SQL

PagerDuty Incident Logs are a record of all the activities related to an incident within PagerDuty. These logs provide a detailed timeline of incident activity, including status changes, escalations, and notes added by users. They are crucial for postmortem analysis and understanding the incident's lifecycle.

Table Usage Guide

The pagerduty_incident_log table provides insights into incident logs within PagerDuty. As an incident responder or a DevOps engineer, explore the detailed timeline of incident activity through this table, including status changes, escalations, and user-added notes. Utilize it to facilitate postmortem analysis and gain a comprehensive understanding of the incident's lifecycle.

Important Notes

  • You must specify the incident_id in the where or join clause (where incident_id=, join pagerduty_incident_log l on l.incident_id=) to query this table.
  • It is recommended that queries specify created_at (usually in the where clause) to filter the log entries within a specific time range.

Examples

List log entries for all incident in last 24 hrs

Explore the recent incidents in the last 24 hours for a comprehensive understanding of the situation, including the incident's summary and who created it. This query can assist in identifying patterns and trends in incidents, which can be useful for troubleshooting and improving system stability.

select
i.summary as incident_summary,
l.id as log_entry_id,
l.created_at,
l.agent ->> 'summary' as created_by
from
pagerduty_incident_log as l,
pagerduty_incident as i
where
l.incident_id = i.id
and l.created_at > now() - interval '24 hrs';
select
i.summary as incident_summary,
l.id as log_entry_id,
l.created_at,
json_extract(l.agent, '$.summary') as created_by
from
pagerduty_incident_log as l,
pagerduty_incident as i
where
l.incident_id = i.id
and l.created_at > datetime('now', '-24 hours');

List incident logs for an incident from the last 3 days

Explore recent incident logs to gain insights into the activities and changes made within the last three days. This is beneficial in understanding the sequence of events or actions taken for a specific incident, aiding in incident management and resolution.

select
id,
incident_id,
created_at,
agent ->> 'summary' as created_by
from
pagerduty_incident_log
where
incident_id = 'Q0FH5K82AJ101C'
and created_at > now() - interval '3 days';
select
id,
incident_id,
created_at,
json_extract(agent, '$.summary') as created_by
from
pagerduty_incident_log
where
incident_id = 'Q0FH5K82AJ101C'
and created_at > datetime('now', '-3 days');

List incident log entries for activities performed by users

Discover the segments that highlight user activities within specific incidents. This can be beneficial in tracking user actions, identifying patterns, and managing incident responses more effectively.

select
id,
incident_id,
created_at,
jsonb_pretty(channel) as action,
agent ->> 'summary' as user_name
from
pagerduty_incident_log
where
incident_id = 'Q0FH5K82AJ101C'
and agent ->> 'type' = 'user_reference';
select
id,
incident_id,
created_at,
channel as action,
json_extract(agent, '$.summary') as user_name
from
pagerduty_incident_log
where
incident_id = 'Q0FH5K82AJ101C'
and json_extract(agent, '$.type') = 'user_reference';

List incident log entries for activities performed by services

Explore which activities have been performed by different services in specific incidents, allowing you to gain insights into the actions taken and who performed them for better incident management.

select
id,
incident_id,
created_at,
jsonb_pretty(channel) as action,
agent ->> 'summary' as user_name
from
pagerduty_incident_log
where
incident_id = 'Q0FH5K82AJ101C'
and agent ->> 'type' = 'service_reference';
select
id,
incident_id,
created_at,
channel as action,
json_extract(agent, '$.summary') as user_name
from
pagerduty_incident_log
where
incident_id = 'Q0FH5K82AJ101C'
and json_extract(agent, '$.type') = 'service_reference';

Schema for pagerduty_incident_log

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
acknowledgement_timeoutbigintSpecifies the acknowledgement timeout (in seconds) for the incident.
agentjsonbThe agent (user, service or integration) that created or modified the incident log entry.
channeljsonbPolymorphic object representation of the means by which the action was channeled. Has different formats depending on type, indicated by channel[type]. Will be one of auto, email, api, nagios, or timeout if agent[type] is service. Will be one of email, sms, website, web_trigger, or note if agent[type] is user.
contextsjsonbA list of contexts to be included with the trigger such as links to graphs, or images.
created_attimestamp with time zone>, >=, =, <, <=Time at which the log entry was created.
event_detailsjsonbA list of information about the change events.
html_urltextThe API show URL at which the object is accessible.
idtextAn unique identifier of the log entry.
incident_idtext=An unique identifier of the queried incident.
selftextThe API show URL at which the object is accessible.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
summarytextA short-form, server-generated string that provides succinct, important information about an object suitable for primary labeling of an entity in a client. In many cases, this will be identical to name, though it is not intended to be an identifier.
teamsjsonbA list of team references unless included.
titletextTitle of the resource.
typetextThe type of object being created.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- pagerduty

You can pass the configuration to the command with the --config argument:

steampipe_export_pagerduty --config '<your_config>' pagerduty_incident_log