Reviewing Incident Groups

Review the status of all the incidents on your sources.

The Incidents page gives an overview of the incident groups on all of your Sources. You can use the Incidents page to review the status of incident groups, assign ownership, and then delve into detailed information for each group.

[Image: Global Incidents page with tooltip for a datapoint]

Time to Resolution

The Time to resolution graph displays a summary of the current statuses of incidents and the incident resolution over time. The Time to resolution metric is calculated when you change the status of at least one incident to False Positive or Resolved. You can hover on days in the graph to see the total number of incidents and the time to resolution for that day. The granularity of the graph depends on the time range settings of the view.

Incidents Table

The incidents table lists all of the incidents that occurred over the selected time range and includes information described in the following table:

Column Name | Description
------------|------------
Incidents | Histogram of the severity with count of the incidents in the group.
Group | The incident group organized by validator. Click the incident group name to open the group details page. See Managing Incidents.
Namespace | The namespace the incident belongs to.
Source | The source where the incident group occurred. Click the source to navigate to its details page.
Status | The progress of the incident resolution: Triage, Investigating, Resolved, and False positive (not an anomaly).
Priority | The priority (Critical, High, Medium, Low, None) inherited from the source or validator.
Owner | The user assigned to troubleshoot the incident.
First seen | The start time when the first incident in the group occurred.
Last seen | The start time when the last incident in the group occurred.
Tags | Tags added to the incident, if any.
Muting options | Mute future notifications. See Muting Incident Notifications.

Filter the Incidents List

[Image: Filtering options for Incidents page]

On the Incidents page, apply filters (Priority, Status, Owner, Source, Validator Type, Namespace, Tag, and Segment) to focus your investigation. For example:

  • Source filter: If you have multiple sources configured, select your specific source (e.g., gold__sales_summary)
  • Severity filter: Focus on critical and high-severity incidents first
  • Time range: Adjust to view recent incidents or specific timeframes

If there are no options to select, the filter will not be available. You can also filter incidents by selecting a different time range.

Actions and Updates

You can update the muting duration, owner, and status of incidents in a bulk action or for individual incidents.

[Image: Bulk actions for Incident list]

Update Muting Duration

Muting silences repeated notifications from any incidents created in the incident group for a period of time or until you unmute. For more information, see Muting Incident Notifications.

To update the muting duration for one or more incidents:

  1. Click the bell icon to open the Mute incident group menu.
  2. Select a preset time range or enter a custom time range.

Update the Incident Owner

To update or assign an owner to one or more incidents:

  1. Check the box for each incident you want to update.
  2. Click Assign owner.
  3. Select the new owner to apply to all selected incidents.

Update the Incident Status

All new incidents are assigned the Triage status. To update the status of one or more incidents:

  1. Check the box for each incident you want to update.
  2. Click Update status.
  3. Select the new status (Investigating, Resolved, or False Positive) to apply to all selected incidents.