Incident Feed

The incident feed provides a consolidated view of all active incidents from any integrated monitoring systems. After you’ve configured your integrations, you can use the incident feed to manage your incidents.

Viewing the Incident Feed

BigPanda digests all the alerts from your integrated monitoring systems and intelligently correlates related alerts into incidents. Alerts are correlated and updated in real time, so your incident feed is always up to date with the latest system and application statuses.

  1. At the top of the screen, click the Incidents tab.
    By default, the incident feed displays all active incidents.
  2. (Optional) In the left pane, select an Environment.
  3. (Optional) In the left pane, select a folder.
  4. Review basic information about each incident.



Status Indicator

Displays a colored ribbon on the left to indicate the incident status, which is determined by the most severe status of the related alerts.

Number of Active Alerts

Counts the number of related alerts that are in the Critical or Warning state.

Priority (Beta)

Assigned level of importance (most important on top). Incidents that do not have a priority assigned will be listed at the bottom by Last Changed.
The priority feature is currently in Beta, contact [email protected] if you'd like to try it out.


Displays the type of monitoring tool (such as Nagios or Zabbix) and the integration name (such as Production) that the alerts came from.

Main Title

Shows why the alerts are correlated into an incident.


Summarizes the subjects (such as hosts or applications) that are part of the incident.

Last change, Created, or Duration

Shows information relevant to the current sort order. You can point to it to see more specific information. See Sorting Incidents.

  1. (Optional) Perform any of the available actions, such as Snooze, Share, or Comment.
    The number of existing shares and comments are displayed for each incident. You can click either number to view relevant details.


Viewing Incident Details

To view more information about an incident, click the incident in the feed. The incident details appear in the right pane. You can view related alert details, a timeline of the incident life cycle, sharing history, comments, and more. For more information, see Working With Incidents.

Selecting a Folder

A folder filters the incident feed by predefined criteria. You can select a folder to see all the incidents within an Environment that meet the folder criteria.

  1. From the incident feed, select an Environment in the left pane.
    The incident feed shows the active incidents in the Environment, and the list of available folders expands.
  2. In the left pane, select the folder with the desired criteria.




Incident has active alerts and is not snoozed.


Incident has active alerts and has not been shared or snoozed.


Incident is active, and has been shared with users manually or by AutoShare.


Incident is active, was snoozed, and is within the snooze period. When the snooze period elapses, the incident again appears in the Active folder and no longer appears in the Snoozed folder.

Resolved (24h)

Incident was marked as resolved within the past 24 hours. When an incident is reopened, it again appears in the Active folder and no longer appears in the Resolved folder.

Searching for Incidents

You can search for incidents that meet specific criteria within the selected Environment and folder.

  1. (Optional) Select an Environment and a folder.
  2. At the top of the incident feed, enter a keyword search term or exact phrase in quotes keyword search (term or exact phrase in quotes) or a query in BigPanda Query Language (BPQL).


Regular Expression Support

Both keyword search and BPQL support regular expressions. Use a regular expression by entering a slash (/) as the first and last character of your search term. For example, /prod-.*-[0-9]+/. Regex queries are limited to 32,000 characters and are case sensitive. See Elasticsearch Regular Expression Syntax and BPQL for more regex support.

  1. Click the search icon or press Enter.


Search Logic and Results

Enter a term or an exact phrase in quotes to perform a keyword search of the incidents in the selected Environment and folder. The search finds alerts with matching values in descriptions, source systems, and in any standard or custom tag (such as host, check, or status).

Use BPQL to search for values in a specific alert tag or to create an advanced query. You can search any standard or custom tags, define precise conditions with operators, and include multiple conditions.

  1. (Optional) Scroll down to view more results.

Prioritizing Incidents (Beta)



This feature is currently only available through the Beta program and is not released for general availability. To request access to the Beta program, contact [email protected].

You can assign a Priority incident tag to incidents in your incident feed to mark which incidents need attention first. Available priority levels are configured in the BigPanda Settings, in the Incident Tags section. To learn more about prioritizing incidents, see our Prioritizing Incidents user guide.

Sorting Incidents

The feed lists incidents that meet the current folder and search criteria. By default, the incidents are listed in order by when they were last changed, with the most recently changed incident on top. You can change the sort order of the incidents in your feed.

  1. From the incident feed, click the Sort icon beside the search field.
  2. Select the desired sort order.



Last Changed

Time of last change to incident (most recently changed on top). A change includes status changes on related alerts and the addition of new alerts to the incident.


Current status of the incident (most severe status on top, in the order: critical > warning > unknown > acknowledged > resolved). Secondary sorting is based on Last Changed.


Time the first alert on the incident was received (newest on top). The order is preserved even if the status of an incident changes.

No. of Alerts

Number of active alerts (highest number on top). Secondary sorting is based on Last Changed. In the Resolved folder only, the number of alerts is the total number of alerts, as no alerts are active on a resolved incident.


Amount of time that the incident has been open (longest on top). Secondary sorting is based on Last Changed.

Priority (Beta)

Assigned level of importance (most important on top). Incidents that do not have a priority assigned will be listed at the bottom by Last Changed.