PagerDuty Incident Indexing
- Agent picks up PagerDuty incidents within 1–2 minutes of firing
- Investigates using all connected data sources — Azure Monitor, Kusto, GitHub, and more
- Acknowledges, resolves, or escalates based on your response plan configuration
- Resolution metrics tracked automatically — see agent-resolved vs human-resolved trends
The problem: PagerDuty fires, you context-switch
When a PagerDuty alert fires, you're not just reading a notification — you're starting a manual investigation. Open PagerDuty for the incident details, then Azure Monitor for metrics, then your logs for errors, then GitHub for recent deployments. By the time you've gathered enough context to form a theory, 30 minutes have passed.
Meanwhile, MTTR tracking lives in spreadsheets or PagerDuty analytics, disconnected from what the agent learned during past investigations. Knowledge from resolved incidents stays in engineers' heads, lost when the team rotates.
How PagerDuty incident indexing works
When you connect PagerDuty to your agent:
Scanner polls every minute — your agent checks PagerDuty for new incidents matching your response plan filters (priority, service, incident type). Connect with a PagerDuty API access key from your PagerDuty API Access Keys settings.
Priority mapping — PagerDuty priorities (P1–P5) map to agent severity levels (1–5), so your response plans filter consistently regardless of which incident platform you use.
Status sync — PagerDuty incident status (Triggered → Acknowledged → Resolved) maps to agent status. When the agent resolves an incident, it tracks whether it was agent-mitigated, agent-assisted, or human-resolved.
From there, the agent follows the same investigation and response flow as any other incident platform.
What makes this different
Unlike PagerDuty's built-in automation, which runs predefined workflows, your agent reasons about each incident individually. It correlates evidence across all your data sources, forms hypotheses, and validates them — adapting its approach based on what it finds.
Unlike static runbooks, your agent learns from every resolved incident. AI analysis captures root cause summaries and extracted knowledge, building institutional memory that survives team rotation.
Unlike manual investigation, your agent starts within seconds of the alert firing. No context-switching between tools. No waking up at 3 AM to manually correlate logs and metrics.
Before and after
| Before | After | |
|---|---|---|
| Acknowledgment | Wait for on-call to see PagerDuty alert | Agent acknowledges in seconds |
| Investigation | Open 5+ tools, manually correlate data | Agent queries all sources automatically |
| Time to root cause | 30–60 minutes of manual work | 2–5 minutes, automated |
| Knowledge captured | In engineer's head, lost on rotation | Saved to agent memory |
| Resolution tracking | Manual MTTR tracking | Automated: agent-resolved vs human-resolved |
PagerDuty priority mapping
PagerDuty priorities map directly to the agent's severity classification:
| PagerDuty Priority | Agent Severity | Quickstart Response Plan |
|---|---|---|
| P1 | 1 (Critical) | ✅ Autonomous response |
| P2 | 2 (High) | — |
| P3 | 3 (Moderate) | — |
| P4 | 4 (Low) | — |
| P5 | 5 (Informational) | — |
PagerDuty urgency (high/low) is stored for reference but does not affect agent routing. Priority is the primary severity signal your response plans use.
Incident status normalization
| PagerDuty Status | Agent Status | What happens |
|---|---|---|
| Triggered | Active | Agent begins investigation |
| Acknowledged | Active | Investigation continues |
| Resolved | Resolved | AI analysis generates root cause summary |
When the agent resolves a PagerDuty incident, it records an SREAgent_Resolved tag on the incident in the agent's own database — so you can distinguish agent-resolved from human-resolved incidents in the agent's analytics. The tag is not written back to PagerDuty.
Get started
→ Tutorial: Set up PagerDuty incident indexing
Related capabilities
| Capability | What it adds |
|---|---|
| Incident Response → | How your agent investigates and responds to all incident types |
| Incident Response Plans → | Configure autonomy levels for different incident types and priorities |
| Root Cause Analysis → | AI-driven hypothesis formation and evidence validation |
| Memory → | How resolved incident knowledge improves future investigations |
| Connectors → | Data sources your agent uses during investigation |