DocumentationSDK RecipesChangelogValidio APIValidio SDKValidio IaC
HomeRequest DemoContact
Documentation
HomeRequest DemoContact
  1. Incidents & Errors
  2. About Incidents

Reviewing Incident Groups

Review the status of all the incidents on your sources.

The Incidents page gives an overview of the incident groups on all of your Sources. You can use the Incidents page to review the status of incident groups, assign ownership, and then delve into detailed information for each group.

Global Incidents page with tooltip for a datapoint

Time to Resolution

The Time to resolution graph displays a summary of the current statuses of incidents and the incident resolution over time. The Time to resolution metric is calculated when you change the status of at least one incident to False Positive or Resolved. You can hover on days in the graph to see the total number of incidents and the time to resolution for that day. The granularity of the graph depends on the time range settings of the view.

Incidents Table

The incidents table lists all of the incidents that occurred over the selected time range and includes information described in the following table:

Column NameDescription
IncidentsHistogram of the severity with count of the incidents in the group.
GroupThe incident group organized by validator. Click the incident group name to open the group details page. See Managing Incidents.
NamespaceThe namespace the incident belongs to.
SourceThe source where the incident group occurred. Click the source to navigate to its details page.
StatusThe progress of the incident resolution: Triage, Investigating, Resolved, and False positive (not an anomaly).
PriorityThe priority (Critical, High, Medium, Low, None) inherited from the source or validator.
OwnerThe user assigned to troubleshoot the incident.
First seenThe start time when the first incident in the group occurred.
Last seenThe start time when the last incident in the group occurred.
TagsTags added to the incident, if any.
Muting optionsMute future notifications. See Muting Incident Notifications

Filter the Incidents List

Filtering options for Incidents page

The Incidents page is filtered rather than searched — it has no free-text search box. Apply filters to focus your investigation:

  • Priority — Critical, High, Medium, Low, or None.
  • Status — Triage, Investigating, Resolved, or False positive.
  • Owner — the user assigned to the incident group.
  • Source — limit to incidents from specific sources (for example, gold__sales_summary).
  • Namespace — the namespace the incidents belong to.
  • Validator type — the type of validator that detected the incidents.
  • Tags — tags applied to the incidents.
  • Segmentation — which segmentation the incidents belong to.
  • Segment value — match incidents by the value of specific segment fields (see Filter by Segment Value).
  • Time range — adjust to view recent incidents or a specific timeframe.

If a filter has no values to select, it does not appear. For filter operators (Any of, All of, None of) and saving filter combinations as views, see Searching, Filtering, and Saving Views.

Filter by Segment Value

The Segment value filter narrows the list to incidents on specific segments of your data. Select a segment field and one or more of its values, and click + Add field to add more fields. Within a single field, an incident matches if it has any of the selected values (OR); across multiple fields, an incident must match all of them (AND).

Actions and Updates

You can update the muting duration, owner, and status of incidents in a bulk action or for individual incidents.

Bulk actions for Incident list

Update Muting Duration

Muting silences repeated notifications from any incidents created in the incident group for a period of time or until you unmute. For more information, see Muting Incident Notifications.

To update the muting duration for one or more incidents:

  1. Click the bell icon to open the Mute incident group menu.
  2. Select a preset time range or enter a custom time range.

Update the Incident Owner

To update or assign an owner to one more more incidents:

  1. Check the box for each incident you want to update.
  2. Click Assign owner.
  3. Select the new owner to apply to all selected incidents.

Update the Incident Status

All new incidents are assigned the Triage status. To update the status of one or more incidents:

  1. Check the box for each incident you want to update.
  2. Click Update status.
  3. Select the new status (Investigating, Resolved, or False Positive) to apply to all selected incidents.