Working with Incidents

View incident details in the BigPanda Incident Feed. Prioritize (beta only), merge, assign, resolve, snooze, share and comment on incidents to streamline your team's collaboration and resolve issues faster.

Viewing Incident and Alert Details

  1. Click on an incident in the feed.
    The incident details appear in the right pane.
  2. Click on a section to review detailed information about the selected incident.
  • Overview - Displays a snapshot of up-to-date, aggregated data from the alerts, changes and activity sections of the incident details pane. You can view all the incident's alerts and activity by clicking the View all links next to the Active Alerts and Recent Activity. You can also click the Investigate more link next to the Related Changes section to mark additional changes you suspect may be the Root Cause of the incident.
  • Alerts - Click on any alert to see a popup containing the alert's current status and additional details, including the duration (time since first event), the last time the status changed, and a clickable link (if applicable). You can drag the center divider to resize the incident feed, and columns in the Alerts section can be added, removed, or resized dynamically.
  • Topology - Displays a customizeable visual display of the links between the incident's alert tags, or Nodes.
  • Changes - Displays a consolidated record of all the system changes related to that incident. You can use BigPanda's OBML or manually correlate these changes with incidents using any one of the 3 possible correlation statuses from the dropdown: None (default), Suspect and Match.
  • Activity Feed - Displays all activity related to the incident, including when the incident was created, resolved (automatically or manually), reopened, AutoShared or manually shared (with the sharing channel, recipient, and link to the external ticket, if applicable), snoozed, snooze ended (canceled or period expired), entered a Flapping state, and commented upon. The feed is sorted with the most recent event on top.

Assigning Priority (Beta)

🚧

Disclaimer

This feature is currently only available through the Beta program and is not released for general availability. To request access to the Beta program, contact [email protected].

You can assign a Priority incident tag to incidents in your incident feed to mark which incidents need attention first. To assign priority to an incident, select one of the priorities from the dropdown next to the alert count of the incident.
The Priority tag is configured in the Incident Tags section of the BigPanda Settings. To learn more about prioritizing incidents, see our Prioritizing Incidents user guide.

Visualizing the Incident Life Cycle

The timeline lets you visualize the life cycle of an incident, which helps you understand how the incident has unfolded without sifting through alert messages and piecing together the fragments manually.

  1. Click an incident in the feed.
    The incident details appear in the right pane.
  2. In the top right of the incident details pane, click Timeline.
    The incident timeline shows the history of status changes for every alert that is related to the incident. Each dot on the timeline represents a status change for a related alert.
  3. (Optional) To see the complete details for an alert at any point in its life cycle, click a dot on the timeline. Then, click the arrows to step through the details of every status change for the alert.

Sharing Incidents with Co-Workers

Share an incident from BigPanda to keep key team members informed so you can collaborate on a solution. You can configure additional sharing channels—such as Slack, JIRA or PagerDuty—and rules for sharing incidents automatically. For more information, see the Sharing Incidents guide.

  1. In the incident feed, click the Share icon on an incident.
    Alternatively, select an incident, and then click the Share icon at the top right of the incident details pane.
  2. Select the sharing channel and enter the recipients.
    For example, select Email, and then select several other BigPanda users. Or, manually enter the email address for a contact who does not have access to BigPanda. The recipients receive an email notification about the incident.
  3. (Optional) Enter an annotation for the share.
    Consider adding an annotation that helps team members understand why you are sharing the incident with them. The annotation appears in the activity feed for the incident.

Commenting on Incidents

Collaborate with team members by viewing and contributing to comments for an incident.

  1. Click the Comments icon on an incident or select an incident and click the Comments icon at the top right of the incidents details pane.
  2. Add a comment or view previous comments from your colleagues.
    Search for a specific comment using the Search bar at the top of the incident feed or in BigPanda's Search tab.

Snoozing Non-Urgent Incidents

Snoozing non-urgent incidents can help keep your team focused on the right issues at the right time. For example, a low disk space issue can often wait for weeks before it becomes urgent. If you are not planning to do anything about a low priority issue right now, it can be helpful to get it out of the way. You can snooze incidents for various periods of time.

  1. When a new incident appears in the incident feed, consider whether it is immediately actionable.
  2. For non-urgent incidents, point to the incident, and then click the bell icon.
  3. Select the snooze options:
  • Snooze for—select the period of time to snooze the incident.
  • Annotate this snooze—(optional) enter an annotation for the snooze. The annotation appears in the activity feed for the incident.
  • Cancel snooze on new alerts or critical updates—select the check box to automatically cancel the snooze if:
    • A new alert is added.
    • The severity of an existing alert increases. For example, an alert changes from warning to critical.
    • The incident is resolved.

Clear the check box to keep the incident snoozed until the snooze period elapses, regardless of updates to the incident.

  1. Click Snooze.
    The incident no longer appears in the incident feed. When the Snooze period ends, the incident again appears in the active feed.

Viewing Snoozed Incidents

To see all the snoozed incidents, click the Snoozed folder in the left pane. To cancel the snooze or to change the snooze period, click the bell icon.

Cancelling Snooze

To cancel Snooze, click Undo. This option is available for 5 seconds after you snooze an incident. You can change snooze options anytime from your Snoozed folder.

Performing Actions on Multiple Incidents

The bulk actions pane appears and shows the number of incidents selected and the actions you can perform.

You can prioritize (in beta), merge, assign, resolve, snooze, comment on or share multiple incidents at the same time with the bulk actions pane.

  1. (Optional) Perform a search to show all applicable incidents in the feed.

❗️

You can perform bulk actions only on incidents that appear in the feed at the same time. The bulk actions pane covers the search bar, preventing you from doing searches after selecting incidents.

  1. Select the check box beside each relevant incident.
  • To select consecutive incidents, select the first incident, then press Shift and select the last incident. The incidents and all incidents between them are selected.
  • To see the details in the right pane, click an incident in the feed.

❗️

Clearing Selections to Enable Actions on Incidents

To clear all incident check boxes without performing an action, click the Deselect all check box in the bulk actions pane. You must clear all selections to hide the bulk actions pane and enable the actions on individual incidents.

  1. Click the icon for the action you want to perform.
  • Merge - Group incidents together to be handled as one incident.
  • Assign - Assign the incident to an owner who will be responsible for seeing it through to resolution.
  • Resolve - Mark the issue Resolved.
  • Snooze - Snooze active incidents; cancel or change the settings for snoozed incidents.
  • Comment - Add a comment or view previous comments from your colleagues.
  • Share - Share an incident to collaborate with key team members.
  1. Fill in the details and complete the action as you would for a single incident.

Prioritizing Multiple Incidents (Beta)

If you are using the BigPanda Beta, you can also prioritize multiple incidents to mark which need to be addressed first. To assign priority to more than one incident at a time, mark the checkboxes next to the relevant incidents in your incident feed and select a priority from the dropdown.

Creating Maintenance Plans

Maintenance Plans reduce noice by marking and filtering alerts triggered by system maintenance. Alerts marked for maintenance are hidden and do not affect the incident's status unless all the alerts in the incident are marked for maintenance. In this case, incidents are stored in the Maintenance section of the left pane.
To learn more about maintenance plans, see our Maintenance Plans V2 (Beta) guide.

Updated 3 months ago


Working with Incidents


View incident details in the BigPanda Incident Feed. Prioritize (beta only), merge, assign, resolve, snooze, share and comment on incidents to streamline your team's collaboration and resolve issues faster.

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.