Similar Incidents
Reference incidents with similar characteristics to enhance context and resolve incidents faster.
Advanced Insight Module
This feature is part of the Advanced Insight Module. If your organization has not purchased this module, you may not have access to the feature.
If you are interested in upgrading to the Advanced Insight Module, contact your BigPanda account team.
Past incidents are a valuable source of information during the incident management process. Reviewing incidents with similar characteristics can help you understand recurring issues and accelerate the resolution process. However, this process can be very manual and time-consuming, requiring you to search through large groups of incidents to identify similarities.
Similar Incidents speeds up this process by identifying incidents with matching characteristics within the Incident Details pane. Each similar incident includes details such as impact, assignment, steps to resolve, and a summary describing why the incident was considered similar.
Similar incidents are chosen based on a similarity score. The score is calculated using similarity categories based on entity, problem, impact, and topology. A list of the incidents most similar to the selected incident is generated each time you access the Similar tab within the Incident Details pane.
Use similar incidents to improve MTTR and help your team learn from past resolution steps.
BigPanda University Advanced Insight Module course
You can learn more in the BigPanda University Advanced Insight Module course.
By the end of the course you will be able to:
- Generate and review AI Analysis reports for your incidents that will help you reduce MTTR.
- Review root cause change suspects and identify changes that are the root cause of incidents.
- Compare incidents with similar characteristics to enhance context and resolve incidents faster.
Key Features
- Reference existing incidents from within the Incident Details pane.
- See at a glance how similar matched incidents are, and what elements matched.
- View the key outcomes and the root cause of similar incidents at a glance.
Relevant Permissions
Roles with the following permissions can view Similar Incidents:
| Role Name | Description |
|---|---|
| Environment - Incident Actions | Full access, with the ability to perform actions on all enrichment tags and incidents in the specified environment. |
| Environment - View | Read-only access to all enrichment tags and incidents in the specified environment(s), without the ability to change or perform any incident action. |
See the Roles Management page to learn more about Environment permissions in BigPanda.
Similarity Calculation
The similarity match percentage is calculated from the similarity categories defined in the table below. For an incident to be considered similar, it must have a similarity score of at least 55 percent.
The Entity and Problem categories are required for an incident to be considered by the algorithm, and are weighted higher even when Impact and Topology are included.
Default tags
Your organization may have a different set of default tags configured for these categories. The Example Default Tags listed in the table below are common tags that many organizations use to define each category. You can choose to include or exclude tags as needed.
To adjust your category tags, contact BigPanda support.
| Category | Definition | Example Default Tags |
|---|---|---|
| Entity | The primary affected entity for each alert such as the host, node, device, or database. For certain alerts, the entity may be the application, container, endpoint, etc. This identifies the specific element experiencing the issue. | host, node, object |
| Problem | The specific issue observed for each alert, such as the check, alert title, or condition name. This details the nature of the detected failure. | check, problem, title |
| Impact | Any associated or dependent systems, applications, services, platforms, or clients/customers that may be affected by any of the alerts. This details the potential effects and reach of the problem. | app, application, service |
| Topology | Additional attributes about each of the affected entities that provide relational context, such as environment, datacenter, location, cloud provider, or cluster. This outlines the entity's physical or logical location within the IT environment. | dependency, connected_to, host_basename |
View Similar Incidents
To view Similar Incidents, navigate to the Incident Details pane and open the Similar tab.
Number of similar incidents
The number of similar incidents found within the past 30 days appears within both the Overview tab and on the Similar tab itself. This allows you to see if recent similar incidents are available prior to clicking the tab.
The Similar tab displays the most relevant similar incidents from the selected time period.
Similar incidents are ordered according to their similarity score, with the most similar incidents appearing first. See the Similarity Calculation section for more information about how the score is calculated.
If two incidents have the same similarity score, the most recent incident will appear in the list first. If no similar incidents exist, a “No results found” message will appear.
By default, only incidents from the last 30 days will appear in the list. Use the dropdown at the top right of the tab to select a predefined time period or choose a custom time period. You can select incidents from up to 15 months ago.
Time Period
Similar Incidents searches incidents that were active or updated between 24 hours and 15 months before the tab is selected.
Incident Similarity Details
Within the Similar tab, each matched incident displays basic incident details, including the incident title, assignee, number of alerts, priority, comments, shares, resolver, and assignment group.
You can click the comment or share button to view the comments and shares. Click Open Incident to open the similar incident in a new tab.
The bottom portion of the ribbon displays information about why the incident was considered similar, including the similarity score, matched similarity categories, and a short summary.
To view additional details about why an incident was considered similar, click the bottom part of the ribbon. This expands the matched incident details, where you can view additional information, including how closely the incident matches in each category, and an incident summary for each category.
You can send feedback on the accuracy or helpfulness of the selected similar incident.
If the incident is similar, click Yes to let us know that the selection was helpful for your triage efforts.
If the incident was not similar or helpful, click No. You’ll then be prompted to provide feedback to let us know what was wrong.
To see more details for a similar incident, click Open Incident. This will open the incident in the Incident Details pane.
Recommended Actions
AI-generated recommended actions provide recommendations for incident tags, helping you speed up the triage process. The default tags used are priority and assignee.
Customize tag recommendations
You can select up to five free-text or closed-value incident tags for recommendations. Multi-value or multi-select tags are not supported.
If you would like to customize the incident tags that appear in recommended actions, contact the BigPanda support team.
These recommendations are based on how similar incidents from the past 30 days were triaged.
Similarity threshold
By default, similar incidents with less than a 30 percent similarity score will not be used to generate recommendations. If you would like to adjust the similarity threshold, contact BigPanda support.
When recommended actions are available, a purple banner will appear in the Overview tab.
Click the banner to open the Recommended actions window. This displays the recommendations and match score for each recommendation. Click See similar incidents to open the Similar tab.
Regenerate analysis
If no recommended actions appear in the Overview tab, try regenerating the AI Analysis.
Similar Incidents in ServiceNow
If your organization uses version 2.9.2 or higher of the ServiceNow integration, you can view similar incidents from within the incident details screen in ServiceNow.
Similar Incidents are viewed in a new tab in Incident Details. For each incident that was identified as similar, the tab shows:
- Link to the incident
- Similarity score
- Incident details such as state, impact, priority, and assignment group
- Resolution code
- Close notes
Reviewing these incidents can help you understand recurring issues and accelerate the resolution process.
See the Advanced Insight Module for ServiceNow documentation for more information.