Managing Incidents In ChatOps
Incidents appear in the reactive channel of your ChatOps interface. They provide the context for an issue that is severely impacting operations. Included are all alerts that are relevant to the issue, and information about how the affected resources relate to one another. The creation and evolution of incidents is informed by alerts.
Learn more about events, alerts and incidents.
Note: For reasons of convenience and consistency, on this page and on related pages, icons and screen grabs are taken from a Slack implementation of ChatOps.
ChatOps Icons
| Icon | Description |
|---|---|
 |
Priority |
 |
Critical Alert (Sev 6) |
 |
Major/Minor Alert (Sev 5 or 4) |
 |
Warning (Sev 3) |
 |
Information/Indeterminate (Sev 2 or 1) |
 |
Link to Platform UI or other online resource |
 |
Probable cause |
 |
Alerts |
 |
Trigger alert |
 |
Recommended runbooks |
 |
Recommended actions |
 |
Incident resources |
 |
Similar past resolution tickets |
 |
Log anomaly |
Incident statement
Every incident on a ChatOps interface has an Incident statement area that provides a quick overview of a potential problem. The statement includes a description of the incident, its priority, and when the incident was triggered. The status reflects the current state of the incident and can be set by the SRE.
The Incident statement contains overall information relevant to an incident, including:
| Field name | Description |
|---|---|
| Priority | Priority level that indicated the impact level of an incident on customer. |
| Incident title | A title that describes the incident. Set as a summary of the first trigger alert, unless it is modified by the user. |
| Incident | A unique number that is assigned to the incident, also shown within the Platform UI. |
| ServiceNow | The linked ServiceNow incident number. For more information about configuring a ServiceNow integration, see Configuring the ServiceNow App for IBM Cloud Pak for AIOps. |
| Description | A summary of the incident, including number of alerts and log anomalies. |
| Impacted applications | List of applications impacted by incident. Access the applications directly that use the hyperlinks. |
| Status | Open: Incident is open and unassigned In progress: Incident is assigned and is being worked on. Resolved: Incident is resolved. Closed: Incident is closed. |
| Owner | The email registered to the Slack/Microsoft Teams accounts assigning themselves to the incident. It is recommended that this email matches the email that is registered in the Platform UI. |
| Created | Date and time that the incident is created. |
| Updated | Last date and time that the incident is updated. |
Updating an incident
At the end of each incident entity, there are options to assign and update the incident.
Click Edit to revise incident title, description, group, or priority level. Users can also self-assign the incident and mark it in progress or resolved.
Self-assign and Set to in-progress
The incident owner is set by clicking Self-Assign or Set-in-progress. When either option is selected, incident ownership is immediately set to the current user. Note: It is not currently possible to assign other users as owners.
Tagging users in Slack
When you Set to in-progress an incident, you can also tag other users by adding their names to the Users to notify field. However, to be tagged, users must be part of the workgroup (Note: If even one of those tagged is not in the workgroup, then tagging fails for all users). When tagged, the user is automatically added to the channel and receives notifications to the incident.
Incident resolution and closure
Where an incident status is Resolved, it is eventually moved to Closed status, in accordance with retention policy period.
Note: When an incident has the status Resolved or Closed, the functions in ChatOps are limited and no action or link is provided for that incident.
For more information about working with insights from ChatOps, see the following topics: