Working with Incidents

View incident details in the BigPanda Incident Feed. Prioritize, merge, assign, resolve, snooze, share and comment on incidents to streamline your team's collaboration and resolve issues faster.

Viewing Incident and Alert Details

  1. Click on an incident in the feed.
    The incident details appear in the right pane.
  2. Click on a section to review detailed information about the selected incident.
  • Overview - Displays a snapshot of up-to-date, aggregated data from the alerts, changes and activity sections of the incident details pane. You can view all the incident's alerts and activity by clicking the View all links next to the Active Alerts and Recent Activity. You can also click the Investigate more link next to the Related Changes section to mark additional changes you suspect may be the Root Cause of the incident.
  • Alerts - Click on any alert to see a popup containing the alert's current status and additional details, including the duration (time since first event), the last time the status changed, and a clickable link (if applicable). You can drag the center divider to resize the incident feed, and columns in the Alerts section can be added, removed, or resized dynamically.
  • Topology - Displays a customizeable visual display of the links between the incident's alert tags, or Nodes.
  • Changes - Displays a consolidated record of all the system changes related to that incident. You can use BigPanda's OBML or manually correlate these changes with incidents using any one of the 3 possible correlation statuses from the dropdown: None (default), Suspect and Match.
  • Activity Feed - Displays all activity related to the incident, including when the incident was created, resolved (automatically or manually), reopened, AutoShared or manually shared (with the sharing channel, recipient, and link to the external ticket, if applicable), snoozed, snooze ended (canceled or period expired), entered a Flapping state, and commented upon. The feed is sorted with the most recent event on top.

Assigning Priority

You can assign a Priority incident tag to incidents in your incident feed to mark which incidents need attention first. To assign priority to an incident, select one of the priorities from the dropdown next to the alert count of the incident.
The Priority tag is configured in the Incident Tags section of the BigPanda Settings. To learn more about prioritizing incidents, see our Prioritizing Incidents user guide.

Visualizing the Incident Life Cycle

The timeline lets you visualize the life cycle of an incident, which helps you understand how the incident has unfolded without sifting through alert messages and piecing together the fragments manually.

  1. Click an incident in the feed.
    The incident details appear in the right pane.
  2. In the top right of the incident details pane, click Timeline.
    The incident timeline shows the history of status changes for every alert that is related to the incident. Each dot on the timeline represents a status change for a related alert.
  3. (Optional) To see the complete details for an alert at any point in its life cycle, click a dot on the timeline. Then, click the arrows to step through the details of every status change for the alert.

Sharing Incidents

Inform key team members or drive collaboration in external tools by sharing Incidents from BigPanda.

Shared incidents include detailed information on the incident including the status, timeline, and information on each active alert in the incident. The share will also include links to the BigPanda incident and timeline, and a simplified Incident Preview for easy review. Once shared, recipients will be updated as the incident changes status or is acknowledged or snoozed in BigPanda.

By default, BigPanda can share incidents through email or SMS. Additional sharing channels can be configured to send BigPanda incidents to your team’s ticketing and collaboration systems. To learn more about setting up sharing channels, see the Managing Incident Sharing documentation.

Some incidents may automatically be shared with specific recipients when they meet certain conditions using AutoShare. To learn more about creating AutoShare rules for incidents, see the Managing Incident Sharing documentation.

To learn more about sharing Incidents, see the Sharing Incidents documentation.

Commenting on Incidents

Collaborate with team members by viewing and contributing to comments for an incident.

  1. Click the Comments icon on an incident or select an incident and click the Comments icon at the top right of the incidents details pane.
  2. Add a comment or view previous comments from your colleagues.
    Search for a specific comment using the Search bar at the top of the incident feed or in BigPanda's Search tab.

Snoozing Non-Urgent Incidents

Snoozing non-urgent incidents can help keep your team focused on the right issues at the right time. For example, a low disk space issue can often wait for weeks before it becomes urgent. If you are not planning to do anything about a low priority issue right now, it can be helpful to get it out of the way. You can snooze incidents for various periods of time.

  1. When a new incident appears in the incident feed, consider whether it is immediately actionable.
  2. For non-urgent incidents, point to the incident, and then click the bell icon.
  3. Select the snooze options:
  • Snooze for—select the period of time to snooze the incident.
  • Annotate this snooze—(optional) enter an annotation for the snooze. The annotation appears in the activity feed for the incident.
  • Cancel snooze on new alerts or critical updates—select the check box to automatically cancel the snooze if:
    • A new alert is added.
    • The severity of an existing alert increases. For example, an alert changes from warning to critical.
    • The incident is resolved.

Clear the check box to keep the incident snoozed until the snooze period elapses, regardless of updates to the incident.

  1. Click Snooze.
    The incident no longer appears in the incident feed. When the Snooze period ends, the incident again appears in the active feed.

Viewing Snoozed Incidents

To see all the snoozed incidents, click the Snoozed folder in the left pane. To cancel the snooze or to change the snooze period, click the bell icon.

Cancelling Snooze

To cancel Snooze, click Undo. This option is available for 5 seconds after you snooze an incident. You can change snooze options anytime from your Snoozed folder.

Resolving Incidents

Most BigPanda incidents will resolve automatically when all alerts within the incident are marked ‘ok’ by the monitoring system. If an alert never receives an ‘ok’ status from the monitoring system, the incident will remain open within BigPanda.

If an incident is tied to a resolved issue, but has not been resolved in BigPanda, you are able to manually resolve incidents right within BigPanda. Resolving incidents keeps your BigPanda dashboard clean and keeps your team focused on active issues.

Incidents can be resolved from the incident details pane on the Incidents tab.

Resolving IncidentsResolving Incidents

Resolving Incidents

  1. Select the incident
  2. Click the check mark Resolve incident icon in the top right of the incident details pane
  3. (Optional) Add a note to let your team know why you are resolving this incident
  4. Click Resolve

The incident will be resolved in BigPanda, updating any share recipients of the new status, and adding a “Resolved Manually” note to the activity log.

If any of the alerts within the incident are reopened, the incident will also reopen as normal. Learn more about what triggers incidents and alerts to reopen in the Incident Lifecycle documentation.

Performing Actions on Multiple Incidents

The bulk actions pane appears and shows the number of incidents selected and the actions you can perform.The bulk actions pane appears and shows the number of incidents selected and the actions you can perform.

The bulk actions pane appears and shows the number of incidents selected and the actions you can perform.

You can prioritize (in beta), merge, assign, resolve, snooze, comment on or share multiple incidents at the same time with the bulk actions pane.

  1. (Optional) Perform a search to show all applicable incidents in the feed.


You can perform bulk actions only on incidents that appear in the feed at the same time. The bulk actions pane covers the search bar, preventing you from doing searches after selecting incidents.

  1. Select the check box beside each relevant incident.
  • To select consecutive incidents, select the first incident, then press Shift and select the last incident. The incidents and all incidents between them are selected.
  • To see the details in the right pane, click an incident in the feed.


Clearing Selections to Enable Actions on Incidents

To clear all incident check boxes without performing an action, click the Deselect all check box in the bulk actions pane. You must clear all selections to hide the bulk actions pane and enable the actions on individual incidents.

  1. Click the icon for the action you want to perform.
  • Merge - Group incidents together to be handled as one incident.
  • Assign - Assign the incident to an owner who will be responsible for seeing it through to resolution.
  • Resolve - Mark the issue Resolved.
  • Snooze - Snooze active incidents; cancel or change the settings for snoozed incidents.
  • Comment - Add a comment or view previous comments from your colleagues.
  • Share - Share an incident to collaborate with key team members.
  1. Fill in the details and complete the action as you would for a single incident.

Prioritizing Multiple Incidents (Beta)

If you are using the BigPanda Beta, you can also prioritize multiple incidents to mark which need to be addressed first. To assign priority to more than one incident at a time, mark the checkboxes next to the relevant incidents in your incident feed and select a priority from the dropdown.

Creating Maintenance Plans

Maintenance Plans reduce noice by marking and filtering alerts triggered by system maintenance. Alerts marked for maintenance are hidden and do not affect the incident's status unless all the alerts in the incident are marked for maintenance. In this case, incidents are stored in the Maintenance section of the left pane.
To learn more about maintenance plans, see our Maintenance Plans V2 (Beta) guide.