Incident pane

About the Incident pane in Splunk On-Call which displays incoming alerts.

Requirements

The incident pane requires the standard or enterprise level of service.

The incident pane serves as a repository for recent activities in your timeline. The incident pane, located to the right of the timeline, houses alerts that come into Splunk On-Call. We currently store seven days or 1,000 events worth of timeline alert history, whichever comes first. Historical data that falls outside these storage limits can be obtained through the VictorOps API.

Incident owner tabs

The tabs along the top level in the incident pane are the incident owner tabs, which define the association of incidents by all activity, individual user interaction, and team interaction. These tabs allow you to quickly limit the scope of work from all incidents to incidents that pertain only to you and your team.

To display all or only certain panes (People, Timeline, or Incident), select Customize View. In the drop-down menu, select the desired panes.

Select the views to display using the Customize View drop-down.

Incident status tabs

The Incidents pane, located to the right of the Timeline, houses alerts that come into Splunk On-Call. At the top of the incident pane, you will see three categories: Triggered, Acknowledged, and Resolved.

Select the status to display.

From the Triggered or Acknowledged tabs, you may select a single incident or multiple incidents to acknowledge, re-route, or snooze.

Once a triggered incident has been acknowledged and resolved, you may view it in the Resolved tab. Here, and in the other tabs, you may select a single incident to review. You may also pop the incident details out into a separate window for easier viewing.

New triggered incident

When a new incident reaches the Splunk On-Call timeline, the incident will appear in the Triggered tab.

View new incidents on the Triggered tab.

Once the triggered incident appears under the Triggered incident tab, you can acknowledge it by selecting the check mark in the upper-right corner of the incident.

Acknowledge the triggered incident.

You also have the option to acknowledge multiple incidents at one time. Select the box on the left corner of the triggered incident in the incident pane, then select Acknowledge All Selected.

Incident details view

The incident details view provides a holistic overview of all information related to a particular incident, including annotations. The incident details view can be accessed in a few ways:

  • Incident number link located at the top of the alert card

  • Incident Details link in the bottom-right corner of the alert card

Annotations can be found on the bottom-right corner of incident cards.

Note: Annotations are added to incidents using the Rules Engine. This feature is only available in the Full Stack plan.

Panels that display more specific alert details for an incident in Splunk On-Call.

The incident details view contains the incident card and tabs displaying the alert details and annotations from the most recent alert.

Incidents can be acknowledged, rerouted, and resolved from this view. Additional responders can be added from this view.