Skip to main content

Getting Started

Workflows

Workflows are automated processes that execute when specific events occur in your system. They allow you to create event-driven automation for incident response, task management, and communication.

Note: Workflows are available on paid plans only.

How Workflows Work

Workflows hook into system events and execute a series of automated actions based on defined conditions. Teams can create automated incident response processes to:

  • Automatically assign incidents and change priorities
  • Route incidents to specific escalation policies
  • Add tasks, notes, and responders
  • Send notifications via email or webhooks
  • Create conditional logic with delays

Workflow Structure

A workflow consists of:

  • Trigger: The event that starts the workflow (e.g., Incident Created)
  • Actions: Automated steps that execute in sequence
  • Conditions: Logic that determines workflow branching
  • Context: Data passed between actions using mustache templating {{variable}}

Triggers

Currently supported workflow triggers:

Trigger Event Description
Incident Created incident_create Executes when a new incident is created

Incident Created Trigger

Available Context Variables:

Variable Description Example
{{trigger_data.unique_id}} Incident unique identifier 550e8400-e29b-41d4-a716-446655440000
{{trigger_data.summary}} Incident summary text Database connection timeout
{{trigger_data.incident_number}} Sequential incident number 1234
{{trigger_data.creation_date}} When incident was created 2024-01-15T10:30:00Z
{{trigger_data.status}} Incident status 1 (triggered), 2 (acknowledged), 3 (resolved)
{{trigger_data.title}} Incident title Production Database Error
{{trigger_data.service}} Service UUID 550e8400-e29b-41d4-a716-446655440000
{{trigger_data.urgency}} Urgency level 0 (low), 1 (high)
{{trigger_data.assigned_to}} Assigned user john.doe or null

Actions

The following actions can be executed in workflows:

Incident Management Actions

Action Description
Change Incident Status Updates incident status (triggered, acknowledged, resolved)
Change Priority Sets incident priority level
Change Escalation Policy Routes incident to different escalation policy
Change Assignee Assigns incident to specific user
Change Urgency Updates incident urgency level
Change Summary Modifies incident summary text

Task and Communication Actions

Action Description
Add Note Adds note to incident for team communication
Add Task Creates task associated with incident
Add Responder Adds additional responders to incident
Add Stakeholder Adds stakeholders for incident notifications
Add Tag Categorizes incident with tags

Communication Actions

Action Description
Send Email Sends email notifications with incident details
Send Webhook Makes HTTP requests to external systems

Logic and Control Actions

Action Description
Condition Evaluates logic and branches workflow execution
Delay Pauses workflow execution for specified time

Action Details

Change Incident Status

Changes the status of an incident.

Parameters:

  • status: Target status (1=triggered, 2=acknowledged, 3=resolved)

Change Priority

Updates the priority level of an incident.

Parameters:

  • priority: Team Priority

Change Escalation Policy

Assigns incident to different escalation policy.

Parameters:

  • escalation_policy: Target escalation policy

Change Assignee

Assigns incident to specific user.

Parameters:

  • assignee_username: Username of person to assign

Change Urgency

Updates incident urgency level.

Parameters:

  • urgency: Urgency level (0=low, 1=high)

Change Summary

Updates incident summary with new text.

Parameters:

  • summary: New summary text

Add Note

Adds note to incident for team communication.

Parameters:

  • note: Text content of note

Add Task

Creates task associated with incident.

Parameters:

  • title: Task title
  • description: Task description
  • due_in: Minutes until task is due
  • assigned_role: Role responsible for task

Add Responder

Adds additional responders to incident.

Parameters:

  • responder_username: Username of responder to add

Add Stakeholder

Adds stakeholders for incident notifications.

Parameters:

  • stakeholder_email: Email address of stakeholder

Add Tag

Categorizes incident with tags.

Parameters:

  • tags: Array of tag names to add

Send Email

Sends email notifications with incident details.

Parameters:

  • to: Email address or array of addresses
  • subject: Email subject line
  • message: Email body content

Send Webhook

Makes HTTP requests to external systems.

Parameters:

  • url: Target URL for webhook
  • method: HTTP method (GET, POST, PUT, DELETE)
  • headers: HTTP headers (object)
  • body: Request body for POST/PUT requests

Delay

Pauses workflow execution for specified time.

Parameters:

  • delay: Number of time units to wait
  • unit: Time unit ("minutes" or "seconds")

Conditions

Conditions allow workflows to branch based on logic evaluation.

Supported Operators

Operator Description Example
eq Equal {{trigger_data.urgency}} eq 1
neq Not Equal {{trigger_data.status}} neq 3
lt Less Than {{trigger_data.priority}} lt 3
gt Greater Than {{trigger_data.incident_number}} gt 1000
lte Less Than or Equal {{trigger_data.urgency}} lte 0
gte Greater Than or Equal {{trigger_data.priority}} gte 2
contains Contains {{trigger_data.summary}} contains "database"
does not contain Does Not Contain {{trigger_data.summary}} does not contain "test"

Condition

Evaluates logical expression and branches workflow execution.

Parameters:

  • left_value: Left side of comparison
  • operator: Comparison operator
  • right_value: Right side of comparison

Example:

{
  "left_value": "{{trigger_data.summary}}",
  "operator": "contains",
  "right_value": "critical"
}

The above condition checks if incident summary contains "critical" and branches to:

  • True branch: Execute high-priority actions
  • False branch: Execute normal actions

Use Cases and Examples

Example 1: Auto-escalate Critical Incidents

Route critical priority incidents to senior engineers escalation policy.

Condition:

{
  "left_value": "{{trigger_data.priority}}",
  "operator": "eq", 
  "right_value": 1
}

Actions (True branch):

{
  "escalation_policy_id": "55828d60-d7b4-45fc-9b59-47d1f3a8310a",
}

Example 2: Database Incident Response

Specialized handling for database-related incidents.

Condition:

{
  "left_value": "{{trigger_data.summary}}",
  "operator": "contains",
  "right_value": "database"
}

Actions (True branch):

  1. Add Responder: database.admin
  2. Change Priority to High (2)
  3. Add Tag: ["database"]
  4. Add Task: "Check database performance metrics"

Example 3: After-hours Escalation

Different handling for incidents outside business hours with delayed escalation.

Workflow:

  1. Delay: 30 minutes
  2. Condition: Check if incident status is still triggered (1)
  3. Actions (True branch):
    • Change Priority to High
    • Add Note: "Auto-escalating unresolved incident"
    • Send Email to escalation team

Example 4: Stakeholder Notification

Notify management for critical incidents affecting production services.

Condition:

{
  "left_value": "{{trigger_data.urgency}}",
  "operator": "eq",
  "right_value": 1
}

Actions (True branch):

{
  "stakeholder_email": "management@company.com",
}

Creating Workflows

  1. Navigate to Workflows in your dashboard
  2. Click Create Workflow
  3. Choose Incident Created trigger
  4. Add actions and conditions as needed
  5. Assign workflow to specific teams
  6. Test and activate workflow

Workflows execute automatically when trigger conditions are met for assigned teams.