Similar Incidents
Reference incidents with similar characteristics to enhance context and resolve incidents faster.
Advanced Insights Module
This feature is part of the Advanced Insights Module. If your organization has not purchased this module, you may not have access to the feature.
If you are interested in upgrading to the Advanced Insights Module, contact your BigPanda account team.
Past incidents are a valuable source of information during the incident management process. Reviewing incidents with similar characteristics can help you understand recurring issues and accelerate the resolution process. However, this process can be very manual and time-consuming, requiring you to search through large groups of incidents to identify similarities.
BigPanda’s Similar Incidents feature speeds up this process by identifying incidents with matching characteristics within the Incident Details pane. Each similar incident includes details such as impact, assignment, steps to resolve, and a summary describing why the incident was considered similar.
Similar incidents are chosen based on a similarity score. The score is calculated using similarity categories based on entity, problem, impact, and topology. A list of the incidents most similar to the selected incident is generated each time you access the Similar tab within the Incident Details Pane.
Use similar incidents to improve MTTR and help your team learn from past resolution steps.
Key Features
- Reference existing incidents from within the Incident Details pane.
- See at a glance how similar matched incidents are, and what elements matched.
- View the key outcomes and the root cause of similar incidents at a glance.
Relevant Permissions
Roles with the following permissions can view Similar Incidents:
| Role Name | Description |
|---|---|
| Environment - Incident Actions | Full access ability to perform actions on all enrichment tags and incidents in the specified environment. |
| Environment - View | Read-only access to all enrichment tags and incidents in the specified environment(s) without the ability to change or perform any incident action. |
See the Roles Management page to learn more about Environment permissions in BigPanda.
Similarity Calculation
The Similarity match percentage is calculated based on a group of similarity categories defined in the table below. For an incident to be considered similar, it must have a similarity score of at least 55 percent.
The Entity and Problem categories are required for an incident to be considered by the algorithm, and are weighted higher even when Impact and Topology are included.
Default Tags
Your organization may have a different set of default tags configured for these categories. The Example Default Tags listed in the table below are common tags many organizations include in use to define each category. You can choose to include or exclude tags as needed.
To adjust your category tags, contact BigPanda support.
| Category | Definition | Example Default Tags |
|---|---|---|
| Entity | The primary affected entity for each alert such as the host, node, device, or database. For certain alerts, the entity may be the application, container, endpoint, etc. This identifies the specific element experiencing the issue. | host node object |
| Problem | The specific issue observed for each alert, such as the check, alert title, or condition name. This details the nature of the detected failure. | check problem title |
| Impact | Any associated or dependent systems, applications, services, platforms, or clients/customers that may be affected by any of the alerts. This details the potential effects and reach of the problem. | app application service |
| Topology | Additional attributes about each of the affected entities that provide relational context, such as environment, datacenter, location, cloud provider, or cluster. This outlines the entity's physical or logical location within the IT environment. | dependency connected_to host_basename |
View Similar Incidents
To view Similar Incidents, navigate to the Incident Details pane and open the Similar tab.
Similar Incidents
The Similar tab displays the most relevant similar incidents from the selected time period. You can select incidents from up to 15 months ago. Similar incidents are ordered according to their similarity score, with the most similar incidents appearing first. See the Similarity Calculation section for more information about how the score is calculated.
If two incidents have the same similarity score, the most recent incident will appear in the list first. If there are no similar incidents, a “No results found” message will appear.
By default, only incidents from the last 30 days will appear in the list. Use the dropdown at the top right of the tab to define a custom time period.
Time Period
Similar Incidents searches any incidents that were active or updated 24 hours to 15 months before the tab is selected.
Incident Similarity Details
Within the Similar tab, each matched incident displays basic incident details, including the incident title, assignee, number of alerts, priority, comments, and shares. The right side of the ribbon displays information about why the incident was considered similar, including the similarity score, matched similarity categories, and a short summary.
Incident Similarity Details
To view additional details about why an incident was considered similar, click the incident ribbon in the list. This expands the matched incident details, where you can view additional information, including how closely the incident matches in each category, and an incident summary for each category.
Incident Similarity Window
To see more details for a similar incident, click Open Incident. This will open the incident in the Incident Details pane.
Updated 10 days ago