Create incidents manually

Splunk On-Call offers the ability to manually trigger a new incident from within the application.

Splunk On-Call offers the ability to manually trigger a new incident from within the application. This option is available for both the web portal and mobile applications.

Note the following:

  • Currently, manual incidents are created outside of the rules engine flow. Rules engine rules will not affect manual incidents.

  • A user must be a member of at least one team in order to directly page them via manual incident.

  • Manual incidents trigger personal paging policies the same way that any other incident does. Unlike incidents created by monitoring tools, manual incidents can be routed to individuals, groups of individuals, or directly to an existing escalation policy.

Manually create an incident from the web portal

  1. Navigate to your team dashboard and view the Team Incidents table. Select Create Incident.The Create Incident button in on your Team Dashboard.

  2. To create the incident, complete the fields in the form.Complete all the fields.

    1. For Teams / Policies, select which teams or escalation policies the incident needs to reroute to.

    2. For Acknowledge Behavior, select your acknowledge behavior.

    3. For Incident Description, enter an informative description for the incident.

    4. For Incident Body, enter the necessary details for the responders.

    5. If applicable, select a Conference Bridge.

  3. Select Create Incident.

Manually create an incident from mobile

For more information on how to manually create an incident from the Splunk On-Call mobile app, see Mobile app incident management.