PagerDuty Alert Ingestion & AI Chat
Kestrel now ingests your PagerDuty alerts as signals to automatically investigate cloud and Kubernetes incidents, and adds an AI chat interface directly inside PagerDuty notes.
When we launched the PagerDuty Integration in January, Kestrel could push incidents to PagerDuty - giving your on-call engineers root cause analysis and fixes right where they work. But the integration was one-directional. Your existing PagerDuty alerts - from custom monitors and other tools in your stack - couldn't flow back into Kestrel.
Today, that changes. The PagerDuty integration is now fully bidirectional. Kestrel ingests your PagerDuty alerts as additional investigation signals alongside its native detection capabilities, automatically correlating them with cloud and Kubernetes telemetry to trigger AI-powered root cause analysis. We're also introducing PagerDuty AI Chat - ask any question about an incident directly from PagerDuty notes using /kestrel.
PagerDuty Alerts as Investigation Signals
Kestrel already detects most infrastructure incidents natively - through its agentless integrations with AWS, GCP, Azure, and OCI cloud services, and via the Kestrel Operator deployed in your Kubernetes clusters. PagerDuty alert ingestion extends this coverage by treating your existing PagerDuty alerts as an additional signal source. When an alert fires from any of your monitoring tools - Prometheus, Grafana, your custom health checks, or any other source routed through PagerDuty - Kestrel picks it up and initiates the same deep investigation it runs for natively detected incidents.
This means gaps in native detection are covered. If a custom monitor catches something before Kestrel's native pipeline does, the PagerDuty alert triggers a full investigation - pulling everything from Kubernetes events and pod logs, to data from cloud services like CloudTrail and CloudWatch, to deliver a root cause analysis before your engineer finishes reading the page.
PagerDuty-Triggered Cloud Incidents
When a PagerDuty alert is classified as a cloud infrastructure issue, Kestrel creates a cloud incident and runs the full investigation pipeline - querying cloud audit logs, metrics, resource configurations, and your tribal knowledge sources. The resulting incident includes the complete root cause analysis, timeline of events, and ready-to-apply remediation via cloud CLI commands or IaC updates (Terraform, Pulumi).
Kestrel also posts a note back to the PagerDuty incident with a direct link to the Kestrel investigation, so your on-call engineer can jump straight to the full analysis and start reviewing fixes.
PagerDuty-Triggered Kubernetes Incidents
For alerts classified as Kubernetes issues, Kestrel correlates the PagerDuty alert with real-time cluster telemetry collected via the Kestrel Operator - pod events, container logs, resource utilization, and network flows. The investigation runs through the same RCA pipeline used for natively detected incidents, producing a full timeline, root cause, and generated YAML fixes.
Multiple PagerDuty alerts that relate to the same underlying issue are automatically deduplicated and correlated into a single Kestrel incident, preventing alert storms from creating duplicate investigations.
PagerDuty AI Chat
During an active incident, every second counts. You shouldn't have to switch tools just to ask a follow-up question. The new PagerDuty AI Chat feature lets you type /kestrel followed by any question in a PagerDuty incident note. Kestrel responds with a new note containing the answer, grounded in live data from your cloud accounts and Kubernetes clusters.
Ask things like:
/kestrel What other services are affected by this RDS storage issue?
/kestrel Has this happened before? Check relevant tribal knowledge sources
/kestrel What would be the blast radius if this database goes down completely?
Kestrel has full context of the PagerDuty incident, the linked Kestrel investigation (if one exists), and your connected cloud and Kubernetes environments. Responses are posted as notes on the same incident, creating a threaded investigation log that your entire team can follow.
Signal Deduplication & Correlation
PagerDuty alerts don't arrive in isolation. A single database outage might trigger alerts from your APM, your health checks, your custom monitors, and your cloud provider - all hitting PagerDuty within seconds of each other. Kestrel's deduplication engine groups related PagerDuty alerts by resource, namespace, and time window, correlating them into a single incident rather than spawning parallel investigations.
If a Kestrel-native detection (from cluster telemetry or cloud signals) already created an incident for the same resource, incoming PagerDuty alerts are attached as additional signals to the existing incident rather than creating duplicates.
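The grouping described in this section, and the deduplication mentioned under PagerDuty-Triggered Kubernetes Incidents, can be illustrated as follows; this is an added example, not Kestrel's code. The 300-second window, the Alert and Incident field names, and the sample alerts are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

WINDOW = 300  # seconds; assumed value, the page does not state the window size

@dataclass
class Alert:
    source: str      # tool that raised the alert
    resource: str
    namespace: str
    ts: int          # epoch seconds

@dataclass
class Incident:
    resource: str
    namespace: str
    first_ts: int
    last_ts: int
    signals: list = field(default_factory=list)

def correlate(alerts, existing=(), window=WINDOW):
    """Group alerts by (resource, namespace) and time window; `existing` incidents absorb matches."""
    incidents = list(existing)
    latest = {(i.resource, i.namespace): i for i in incidents}
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.resource, a.namespace)
        inc = latest.get(key)
        if inc is not None and inc.first_ts - window <= a.ts <= inc.last_ts + window:
            inc.signals.append(a)          # attach as an additional signal
            inc.first_ts = min(inc.first_ts, a.ts)
            inc.last_ts = max(inc.last_ts, a.ts)
        else:  # no incident for this key yet, or the alert falls outside the window
            inc = Incident(a.resource, a.namespace, a.ts, a.ts, [a])
            incidents.append(inc)
            latest[key] = inc
    return incidents

def demo():
    """Constructed sample: one database outage reported by several tools."""
    native = Incident("checkout-api", "prod", 1000, 1000,
                      [Alert("native", "checkout-api", "prod", 1000)])
    alerts = [
        Alert("apm", "orders-db", "prod", 1010),
        Alert("health-check", "orders-db", "prod", 1012),
        Alert("cloud-provider", "orders-db", "prod", 1015),
        Alert("custom-monitor", "checkout-api", "prod", 1030),
        Alert("apm", "orders-db", "prod", 9000),  # hours later: separate incident
    ]
    return correlate(alerts, [native])
```

Calling demo() yields three incidents: the natively detected one with the custom-monitor alert attached, one for the burst of orders-db alerts, and one for the later orders-db alert.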
Getting Started
If you've already connected PagerDuty via Integrations → PagerDuty, alert ingestion is enabled automatically. Kestrel listens for new alerts on your connected PagerDuty services and begins classifying and investigating them immediately. No additional configuration is required.
For PagerDuty AI Chat, type /kestrel in any incident note on a PagerDuty service connected to Kestrel. Kestrel's response appears as a new note within seconds - though you'll need to refresh the PagerDuty page to see it, since PagerDuty doesn't update notes in real time. (We asked nicely.)