Documentation
Plugins
Sources
PagerDuty
Overview

PagerDuty Source Plugin

Latest: v3.0.10

The CloudQuery PagerDuty plugin extracts PagerDuty data and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake, and more). It is based on The PagerDuty Go SDK (opens in a new tab) and the PagerDuty REST API (opens in a new tab).

Authentication

In order to authenticate with your PagerDuty account, you will need a PagerDuty authorization token (opens in a new tab). CloudQuery supports two methods of reading the authorization token:

  • From a ~/.pd.yml file, such as:
authtoken: <YOUR_AUTH_TOKEN>
  • From an environment variable PAGERDUTY_AUTH_TOKEN.

Rate Limiting

The PagerDuty REST API is rate limited (opens in a new tab) to 900 requests per minute per organization (15 requests per second). Because of this, PagerDuty plugin syncs may take relatively long. This may fit your use case if you sync on something like a nightly cadence - but there are a few things you can do to speed this up:

Because the PagerDuty API is limited per organization, it's important to make sure CloudQuery doesn't use up too much of the quota and disturbs other processes in your organization. By default CloudQuery makes 10 requests per second (66% of the quota), but you can reduce/increase this number by setting the max_requests_per_second configuration parameter.

  • Relational tables (e.g. pagerduty_incident_notes, pagerduty_incident_alerts) require the most API calls, because they require an API call per resource (e.g. incident). You may be able to speed up the sync by skipping these relational tables:

    skip_tables: [
      "pagerduty_incident_alerts",
      "pagerduty_incident_notes",
      "pagerduty_incident_log_entries",
      "pagerduty_ruleset_rules",
      "pagerduty_user_contact_methods",
      "pagerduty_user_notification_rules"
    ]
  • If you are only interested in some of the teams in your organization, you can filter to only sync their resources with

      team_ids: ["<team_id>"]

See the PagerDuty Configuration Page for more info.

Example Queries

The following example queries are SQL queries in the PostgreSQL flavour (i.e. can be used with the PostgreSQL destination).

Top 10 services that generate the most incidents (last 3 months)

  SELECT pagerduty_services.id AS service_id,
         pagerduty_services.name AS service_name,
         COUNT(pagerduty_incidents.id) AS incident_count
  FROM pagerduty_services
  INNER JOIN pagerduty_incidents
  ON pagerduty_services.id = pagerduty_incidents.service->>'id'
  WHERE pagerduty_incidents.created_at > NOW() - INTERVAL '3 months'
  GROUP BY service_id, service_name
  ORDER BY incident_count DESC
  LIMIT 10
 service_id |  service_name   | incident_count
------------+-----------------+----------------
 PYS6MP5    | UnstableService | 25   
 PAZ9U1C    | StableService   | 3

Average time to respond to a query, grouped by priority (last 3 months)

WITH incident_ack_logs AS (
  SELECT pagerduty_incidents.id AS incident_id,
         pagerduty_incidents.priority->>'name' AS priority,
         pagerduty_incident_log_entries.created_at - pagerduty_incidents.created_at AS time_to_log
  FROM pagerduty_incidents 
  INNER JOIN pagerduty_incident_log_entries 
  ON pagerduty_incidents.id = pagerduty_incident_log_entries.incident->>'id'
  WHERE pagerduty_incident_log_entries.type = 'acknowledge_log_entry'
  AND pagerduty_incidents.created_at > NOW() - INTERVAL '3 months'
),
incident_ack_time AS ( -- Make sure only the first acknowledgement is used (incidents may be acknowledged twice)
  SELECT incident_id, 
         priority, 
         MIN(time_to_log) AS time_to_ack
  FROM incident_ack_logs
  GROUP BY incident_id, priority
)
SELECT priority, AVG(time_to_ack) AS average_time_to_ack
FROM incident_ack_time
GROUP BY priority
priority | average_time_to_ack
----------+---------------------
P1       | 00:05:10
P2       | 00:30:00
P3       | 06:20:00

Which users acknowledged the most incidents (last 3 months)

  WITH incident_ack_logs AS (
    SELECT pagerduty_incidents.id AS incident_id,
           pagerduty_incident_log_entries.agent->>'id' AS agent_id
    FROM pagerduty_incidents
    INNER JOIN pagerduty_incident_log_entries 
    ON pagerduty_incidents.id = pagerduty_incident_log_entries.incident->>'id'
    WHERE pagerduty_incident_log_entries.type = 'acknowledge_log_entry'
    AND pagerduty_incidents.created_at > NOW() - INTERVAL '3 months'
  )
  SELECT pagerduty_users.id AS user_id, 
         pagerduty_users.name AS user_name, 
         COUNT(DISTINCT incident_id) AS acknowledge_count FROM
  pagerduty_users INNER JOIN incident_ack_logs
  ON pagerduty_users.id = incident_ack_logs.agent_id
  GROUP BY user_id, user_name
  ORDER BY acknowledge_count DESC
 user_id |  user_name  | acknowledge_count
---------+-------------+-------------------
 PDYR2Y8 | John        | 15
 PDYR2Y9 | Dave        | 12
 PDYR2Z5 | Jane        | 8