Similar Incidents
Reference incidents with similar characteristics to enhance context and resolve incidents faster.
Advanced Insight Module
This feature is part of the Advanced Insight Module. If your organization has not purchased this module, you may not have access to the feature.
If you are interested in upgrading to the Advanced Insight Module, contact your BigPanda account team.
Past incidents are a valuable source of information during the incident management process. Reviewing incidents with similar characteristics can help you understand recurring issues and accelerate the resolution process. However, this process can be very manual and time-consuming, requiring you to search through large groups of incidents to identify similarities.
BigPanda’s Similar Incidents feature speeds up this process by identifying incidents with matching characteristics within the Incident Details pane. Each similar incident includes details such as impact, assignment, steps to resolve, and a summary describing why the incident was considered similar.
Similar incidents are chosen based on a similarity score. The score is calculated using similarity categories based on entity, problem, impact, and topology. A list of the incidents most similar to the selected incident is generated each time you access the Similar tab within the Incident Details pane.
Use similar incidents to improve MTTR and help your team learn from past resolution steps.
BigPanda University Advanced Insight Module course
You can learn more in the BigPanda University Advanced Insight Module course.
By the end of the course you will be able to:
- Generate and review AI Analysis reports for your incidents that will help you reduce MTTR.
- Review root cause change suspects and identify changes that are the root cause of incidents.
- Compare incidents with similar characteristics to enhance context and resolve incidents faster.
Key Features
- Reference existing incidents from within the Incident Details pane.
- See at a glance how similar matched incidents are, and what elements matched.
- View the key outcomes and the root cause of similar incidents at a glance.
Relevant Permissions
Roles with the following permissions can view Similar Incidents:
Role Name | Description |
---|---|
Environment - Incident Actions | Full access, with the ability to perform actions on all enrichment tags and incidents in the specified environment. |
Environment - View | Read-only access to all enrichment tags and incidents in the specified environment(s) without the ability to change or perform any incident action. |
See the Roles Management page to learn more about Environment permissions in BigPanda.
Similarity Calculation
The Similarity match percentage is calculated based on a group of similarity categories defined in the table below. For an incident to be considered similar, it must have a similarity score of at least 55 percent.
The Entity and Problem categories are required for an incident to be considered by the algorithm, and are weighted higher even when Impact and Topology are included.
Default Tags
Your organization may have a different set of default tags configured for these categories. The Example Default Tags listed in the table below are common tags that many organizations use to define each category. You can choose to include or exclude tags as needed.
To adjust your category tags, contact BigPanda support.
Category | Definition | Example Default Tags |
---|---|---|
Entity | The primary affected entity for each alert such as the host, node, device, or database. For certain alerts, the entity may be the application, container, endpoint, etc. This identifies the specific element experiencing the issue. | host, node, object |
Problem | The specific issue observed for each alert, such as the check, alert title, or condition name. This details the nature of the detected failure. | check, problem, title |
Impact | Any associated or dependent systems, applications, services, platforms, or clients/customers that may be affected by any of the alerts. This details the potential effects and reach of the problem. | app, application, service |
Topology | Additional attributes about each of the affected entities that provide relational context, such as environment, datacenter, location, cloud provider, or cluster. This outlines the entity's physical or logical location within the IT environment. | dependency, connected_to, host_basename |
View Similar Incidents
To view Similar Incidents, navigate to the Incident Details pane and open the Similar tab.
Number of similar incidents
The number of similar incidents found within the past 30 days appears both within the Overview tab and on the Similar tab itself. This allows you to see if recent similar incidents are available prior to clicking the tab.
The Similar tab displays the most relevant similar incidents from the selected time period. Similar incidents are ordered according to their similarity score, with the most similar incidents appearing first. See the Similarity Calculation section for more information about how the score is calculated.
If two incidents have the same similarity score, the most recent incident will appear in the list first. If there are no similar incidents, a “No results found” message will appear.
By default, only incidents from the last 30 days will appear in the list. Use the dropdown at the top right of the tab to select a predefined time period or choose a custom time period. You can select incidents from up to 15 months ago.
Time period
Similar Incidents searches any incidents that were active or updated 24 hours to 15 months before the tab is selected.
Similar Incidents in ServiceNow
If your organization uses version 2.9.2 or higher of the ServiceNow integration, you can view similar incident details within the incident information screen in ServiceNow.
For information about upgrading to version 2.9.2, see the Update the BigPanda ServiceNow App documentation.
Incident Similarity Details
Within the Similar tab, each matched incident displays basic incident details, including the incident title, assignee, number of alerts, priority, comments, shares, resolver, and assignment group.
You can click the Comment or Share button to view the comments and shares. Click Open Incident to open the similar incident in a new tab.
The bottom portion of the ribbon displays information about why the incident was considered similar, including the similarity score, matched similarity categories, and a short summary.
To view additional details about why an incident was considered similar, click the bottom part of the ribbon. This expands the matched incident details, where you can view additional information, including how closely the incident matches in each category, and an incident summary for each category.
You can send feedback on the accuracy or helpfulness of the selected similar incident. If the incident is similar, click Yes to let us know that the selection was helpful for your triage efforts. If the incident was not similar or not helpful, click No. You’ll be prompted to enter feedback to let us know what was wrong.
To see more details for a similar incident, click Open Incident. This will open the incident in the Incident Details pane.