--- title: "The Incidents Tab" slug: "the-incidents-tab" excerpt: "The Incidents tab provides a centralized place to manage your BigPanda incidents." hidden: false ---
New Incident Console
The New Incident Console now available! The new version of the console brings you:
improved load times
streamlined design
dark mode
custom layouts
select-all functionality
and more!
See the New Incident Console documentation to learn more.
Incident information in BigPanda can be managed from a centralized location in the Incidents tab within the UI. You can organize, assign, investigate, and escalate incidents as necessary to facilitate a quick resolution.
The Environments pane organizes your incidents by environment, group, and status. Within the Incident Feed, you can easily see all of the incidents within a chosen environment, or search for incidents. The Incident Details pane provides information about a specific incident from the Incident Feed.
For more information about Incidents, see the Incidents in BigPanda documentation.
 |
The Incidents Tab
Field | Description | Related Links |
|---|---|---|
1 - Environments Pane | Lists the Environments and folders that you can use to filter the incident feed. | |
2 - Incident Feed | Provides a consolidated view of related incidents. You can filter the incident feed by searching or by selecting an Environment and a folder. | |
3 - Incident Details | Shows detailed information about the incident selected in the incident feed. You can view details of the related alerts, view the incident life cycle on a timeline, and more. |
Environments Pane
Environments filter incidents on properties such as source and priority and group them together for easy visibility and action. Environments make it easy for your team to focus on the incidents relevant to their role and responsibilities. Environments can be used to filter the incident feed, or to create dashboards, set up sharing rules, and simplify incident search.
 |
The Environments Pane
Field | Description | Related Links |
|---|---|---|
1 - Environment Filter | Allows you to filter the Environments pane by folder or group. | |
2 - Starred Environments | Environments that were starred appear at the top of the pane. | |
3 - Environment Groups | Environment Groups organize your environments by common functions or properties, for example, business services, teams, and infrastructure areas. | |
4 - Environment Folder | Each environment is pre-sorted into status folders: Active, Unhandled, Shared, Snoozed, and Resolved. Incidents that fit the environment rules will be automatically placed in their respective status folder(s). | |
5 - Create a New Environment | Click the + New Environment button to add a new Environment. |
Incident Feed
The incident feed provides a consolidated view of all active incidents from any integrated monitoring systems. After you’ve configured your integrations, you can use the incident feed to manage your incidents.
 |
The Incident Feed
Field | Description | Related Links |
|---|---|---|
1 - Incident Search | Used to search for incidents. | |
2 - Status Indicator | Displays a colored ribbon on the left to indicate the incident status, which is determined by the most severe status of the related alerts. | |
3 - Number of Active Alerts | Counts the number of related alerts that are in the Critical or Warning state. | |
4 - Priority | Assigned level of importance (most important on top). Incidents that do not have a priority assigned will be listed at the bottom by Last Changed. | |
5 - Primary property | Shows why the alerts are correlated into an incident. By default, the primary property is defined as one of the following: host, service, application, or device. | |
6 - Secondary property | Summarizes the subjects (such as hosts or applications) that are part of the incident. By default, the secondary property is defined as one of the following: check or sensor. | |
7 - Last change, Created, or Duration | Shows information relevant to the current sort order. You can point to it to see more specific information. See Sorting Incidents. | |
8 - Incident Actions | The action icons allow you to resolve, snooze, comment on, or share an incident. |
Incident Details Pane
The Incident Details pane provides a comprehensive view of all information related to an incident. Use the Incident Details pane to view incident history and take action on incidents.
 |
The Incident Details Pane
Field | Description | Related Links |
|---|---|---|
1 - Assign Incident | Allows you to assign or update the owner of the incident. | |
2 - Incident Actions | Provides access to the available actions for an incident, such as Resolve, Snooze, Comment, and Share. | |
3 - Status Indicator | Displays a colored ribbon on the left to indicate the incident status, which is determined by the most severe status of the related alerts. | |
4 - Priority | Allows you to view or change the priority of the incident. | |
5 - Primary property | Shows why the alerts are correlated into an incident. By default, the primary property is defined as one of the following: host, service, application, or device. | |
6 - Secondary property | Summarizes the subjects (such as hosts or applications) that are part of the incident. By default, the secondary property is defined as one of the following: check or sensor. | |
7 - Timeline | Allows you to visualize the life cycle of an incident on a timeline, which helps you understand how the incident has unfolded. | |
8 - Expand | Allows you to expand the incident details pane to single pane view. | |
9 - Tabs | The Overview tab, Alerts tab, Topology tab, Changes tab, and Activity tab are accessible from the center of the Incident Details screen. |
Timeline
 |
The Timeline
The timeline view is accessed within the Incident Details pane. On the right side of the pane, click the blue Timeline button. The timeline visually displays incident information and changes over time. It also shows the time when the first alert was received (incident start time) and the time when the incident was resolved (incident end time), or the current time if the incident is still active.
To see the complete details for an alert at any point in its life cycle, click a dot on the timeline. Then, click the arrows to step through the details of every status change for the alert.
Item | Description | Related Links |
|---|---|---|
Incident Status | Displays a colored ribbon on the left to indicate the incident status, which is determined by the most severe status of the related alerts. The timeline displays a maximum of 70 status changes at a time. | |
No. of Alerts | Counts the total number of alerts that the incident contains, regardless of the current status of the alerts. | |
System | Shows the type of monitoring tool (such as Nagios or Zabbix) and the integration name (such as Production) that the events came from. | |
Primary Property | Shows why the alerts are correlated into an incident. By default, the primary property is defined as one of the following: host, service, application, or device. | |
Secondary Property | Summarizes the subjects (such as hosts or applications) that are part of the incident. By default, the secondary property is defined as check or sensor. | |
Last Change | Calculates the amount of time since the last change to the incident. This calculation includes status changes on related alerts and the addition of new alerts to the incident. | |
Timeline | Shows the history of status changes for every alert that the incident contains. Each row represents the history for an individual alert. | |
Status Change | Displays a colored dot that represents a status change for the related alert. Click a dot to view the alert details at the time of the status change. Then, click the arrows to step through the details of every status change for the alert. | |
Alert List | Lists basic information about each alert that the incident contains, including a colored dot on the left to indicate the current status of the alert. The Timeline displays a maximum of 35 unique alerts at a time. | |
Current Statuses | Counts the number of related alerts that are in each of the current states: Critical, Warning, Ok (resolved), and Ack (acknowledged or maintenance). | |
Incident Start Time | Shows the time when the earliest alert was received. | |
Incident End or Current Time | Shows the time when the incident was resolved (incident end time) or the current time if the incident is still active. |
Navigate the Alerts Tab
The Alerts Tab
Click any alert within the table to view additional details. The details that appear can be configured by your BigPanda administrator. See Manage Alert Views for information on tailoring the alert view.
Item | Description | Related Links |
|---|---|---|
No. Of Active Alerts | Counts the number of related alerts that are in the Critical or Warning state. Click the checkbox to view only Active alerts. | |
No. of Maintenance Alerts | Counts the number of related alerts that are associated with a Maintenance Plan. Click the checkbox to view only Maintenance alerts. | |
No. of Resolved Alerts | Counts the number of related alerts that have been Resolved. Click the checkbox to view only Resolved alerts. | |
Split | Multiple incident alerts can be split off and handled as a new incident. | |
Status Indicator | Displays a colored dot on the left to indicate the current status of a related alert. | |
Link | Displays a clickable link icon if the alert contains any links to more information, such as runbooks or time-series metrics. | |
System | Shows the type of monitoring tool (such as Nagios or Zabbix) and the integration name (such as Production) that the events came from. | |
Alert Data | Displays the data for each related alert in a table. The column headers show the tag names and the rows show the tag values. You can drag the center divider to resize the incident feed, and columns are added, removed, or resized dynamically as space allows. | |
Duration | Shows the amount of time since the first event for each alert. | |
Last Change | Shows the time of the last status change for each alert. |
Topology Tab
 |
The Topology Tab
The Topology tab within the Incident Details pane provides access to the Topology graph for the incident. The Topology graph is a customizable visual display of the links between the incident's alert tags, or nodes.
Each node on the topology graph represents an alert’s tag value. The tags present in the incident are labeled by type and displayed as icons in the Topology graph.
The numbers in the corners of the nodes indicate the frequency with which each unique tag and value appears in the incident. The more times a tag appears, the higher the likelihood that it’s a contributor to the root cause of the incident.
The lines connecting the nodes in the graph indicate that the linked nodes appear in the incident’s alerts together. Examining nodes with the most links can provide valuable insight into the possible root cause of the incident.
 |
The Topology Graph
By default, BigPanda connects all the correlation tags into a circle. All the primary tags (ie: host) are connected to their associated correlation tags and the secondary tags (ie: check) are connected to their primary tags.
API Configuration Override
Customizing the graph using the Topology UI API will override BigPanda's default configuration.
The default icons that comprise the Topology graph are permanent and pre-defined by BigPanda. Additional configurable fallback icons are provided to allow users to define their own custom nodes.
The following are the nine permanent icons provided by BigPanda to represent the Topology node tag types:
Icon | Type | Associated Tags | |
|---|---|---|---|
| server | 'server', 'servers', 'host', 'hosts', 'hostname', 'hostnames', 'host_name', 'host_names', 'device', 'devices', 'instance', 'instances', 'object', 'objects', 'node', 'nodes' | |
| location | 'location', 'locations', 'datacenter', 'datacenters', 'dc', 'store', 'stores', 'site', 'site_code', 'store_id', 'region', 'regions', 'city', 'country', 'geo' | |
| check | 'check', 'checks', 'trigger', 'triggers', 'alert_type', 'alert_name', 'health_rule', 'summary', 'monitor', 'health_rules', 'title', 'titles' | |
| environment | 'environment', 'environments', 'env', 'envs', 'tier', 'tiers', 'stage' | |
| application | 'application', 'applications', 'app', 'apps', 'service', 'services', 'business_service' | |
| IP | 'ip_address', 'ipaddress', 'ipaddresses', 'ip_class_b', 'ip_class_c', 'ip' | |
| router | 'router', 'routers', 'switch', 'switches', 'hub', 'repeater', 'bridge', 'gateway' | |
| cluster | 'rack', 'cluster', 'clusters', 'tower', 'towers' | |
| team | 'owner', 'owners', 'team', 'teams', 'group', 'groups', 'assignment_group', 'responsible_group' |
 |
Topology Filters
[block:image]
{
"images": [
{
"image": [
"https://files.readme.io/845ed0f-Topology_Filters.png",
"Topology Filters"
],
"align": "center",
"border": true,
"caption": "Topology Filters"
}
]
}
[/block]The node filtering options at the top of the Topology tab can be used to show/hide the nodes in the graph according to their corresponding tag type. The numbers beside the nodes in the filter represent the frequency with which the node appears in the topology graph.
Navigate the Changes Tab
Advanced Insight Module
This feature is part of the Advanced Insight Module. If your organization has not purchased this module, you may not have access to the feature.
If you are interested in upgrading to the Advanced Insight Module, contact your BigPanda account team.
The Changes Tab
The change table contains columns that provide background information on the change.
Column | Description |
|---|---|
Status | The status of the change can be Planned, In Progress, Done. Canceled changes persist in BigPanda but are not displayed in the change table. |
Key | The key is the original ID from the integrated change. Click the hyperlinked change ID in the Key column of the table to view changes in the external change feed. |
Summary | A short description of the change. |
Start Time/End Time | The timestamps marking the duration of the change. |
Root Cause | Changes that may be a suspected or matched root cause of the incident can be marked manually. |
You are able to change the size and order of the columns within the change table. Hover over the space between column names to bring up the dividing line or the 6 dots.
To resize a column, click and drag the dividing line to the desired column width
To move a column, click and drag the 6 dots icon to the desired column placement
Show Potential RCC Only Toggle
Use the Show potential RCC only toggle to limit the change table to only show changes BigPanda has found highly correlated with the incident.
Click on any one of the changes in the table to see a pop-up with the full list of tags and other data associated with the change.
 |
Change Info - BigPanda Suggestion
If the BigPanda change correlation algorithm marked the change as a suspected match, it will include a note about why the algorithm suspects the change. Hover over the information icon beside the note to get more details about why BigPanda suspects that change.
Suspect Changes
BigPanda will only mark changes as Suspect (and not Match) to give users the final say on whether or not the change is the root cause of the incident.
Activity Tab
 |
The Activity Tab
The Activity tab within the Incident Details pane provides information about activities that occurred within an incident. Within this tab, you can view and add comments, see previous incident actions, and view status changes such as flapping, resolve, reopen, and auto-resolution.
Recent Activities
Only the 1000 most recent activities appear in the BigPanda UI. If an incident has more than 1000 activities, all of them can be retrieved using the Get Activities API.
Item | Description | Related Links |
|---|---|---|
Hide Status Activities | Allows you to hide Resolved, Reopened, and Flapping activities. | |
Comment Field | Allows you to comment on the incident. Comments are added as events in the activity feed. | |
Event Indicator | Displays an icon beside each item in the event list to indicate the type of event. See Event Indicators below for a description of each icon. | |
Username | Shows the user who made the update, if applicable. | |
Event Time | Shows the exact time the event occurred. | |
Event Type | Shows the type of event that occurred. | |
Event Details | Shows more information about the event, depending on the event type. For example: For sharing events, shows the channel, recipients, and annotation, if applicable. If the recipient is an external ticketing system, provides a link directly to the ticket (for example, a JIRA ticket). For snoozed events, shows the ending time of the snooze period. For comment events, shows the comment text. | |
Day Separator | Indicates the day the preceding events occurred, if the list of events spans more than one calendar day. Because the event list is sorted with the most recent event on top, the day separator appears below the events that occurred on a given day. |
Event Indicators
 |
Incident Actions Icons
Incident Action | Icon |
|---|---|
Manually Resolved | Green checkmark |
Shared | Blue arrow |
AutoShared | Blue double arrows |
Commented | Yellow dialog box |
Snoozed | Yellow bell |
Assigned | Grey bust with plus |
Merged | Blue many to one arrow |
Split | Blue one to many arrows |
 |
Status Change Icons
Incident Action | Icon |
|---|---|
Created | Orange dot |
Resolved | Green dot |
Reopened | Orange dot |
Flapping | Orange and green dots |
 |
RCC Activity Icons
Incident Action | Icon |
|---|---|
Marked Change | Purple dot |
 |
Incident Tags Activity Icons
Incident Action | Icon |
|---|---|
Updated a Multi-select Field | Grey bullet point lines |
Updated a Single String Field | Grey paragraph lines |
Next Steps
Learn more about Incidents in BigPanda
Learn about navigating the Unified Search Tab
Dig into how Incidents are created with BigPanda AIOps