Frequently Asked Questions
Incident List
Why do some incidents show an "Unknown" severity level?
Possible reasons:
- The monitor is not configured with severity mapping.
- The default severity is disabled and no custom severity is configured.
- Anomalies automatically detected by intelligent inspection are not associated with a severity level.
Can incidents be deleted?
Incidents cannot be deleted, only closed. This is to ensure the integrity of the audit trail.
Why do multiple incidents get generated for the same issue?
The system automatically merges identical alerts based on detection dimensions. If the detection dimensions differ (e.g., different hosts, different services), independent incidents will be generated.
Incident Details
Why do I still receive notifications after claiming an incident?
Possible reasons:
- The incident re-triggered after being claimed (recurred after being Resolved).
- Multiple on-duty rules matched this incident, and other rules are still sending notifications.
- The repeat notification feature in the escalation policy is enabled.
Can the detection dimensions of an incident be modified?
No. Detection dimensions are automatically generated by the monitor and are the core identifier of the incident.
How can I check who has been notified about an incident?
Check the Operation Logs. The system records the recipients and methods for each notification sent.
Can incidents be merged?
The system automatically merges alerts with identical detection dimensions into the same incident. Incidents with different dimensions cannot be merged manually.
On-Duty
Why was an incident generated but the on-duty person did not receive a notification?
Troubleshooting steps:
- Check if the incident tags match the on-duty rules.
- Check if the current time is within the on-duty rule's effective time period.
- Check if the on-duty person has configured contact information.
- Check if the on-duty person's status is "On Leave".
What happens if multiple on-duty rules match the same incident?
Notifications are sent under every matching on-duty rule. If this is not the intended behavior, adjust the tag matching logic so that the rules are mutually exclusive.
Can escalation policies be applied to specific incident severity levels?
Yes. In the severity configuration, you can specify applicable incident severity levels (P0/P1/P2). It is recommended to configure more aggressive escalation policies (shorter wait times and phone notifications) for P0, and more relaxed policies for P2.
Can on-duty rules be adjusted temporarily?
On-duty rules can be edited or deleted. After editing, newly generated incidents will follow the new rules, while existing incidents will continue to follow the original rules.
What are the options for on-duty rotation cycles?
Currently, daily, weekly, and monthly rotations are supported, as well as custom day intervals. The rotation order cycles through the on-duty personnel list sequentially.
When on-duty shifts cross days, does the wait time for escalation policies reset?
No, it does not reset. The incident's duration is calculated continuously. However, the notification recipients switch to the new on-duty person, and subsequent notifications continue based on the new on-duty person's rules. For example, if an incident triggers Level 1 during A's duty and enters Level 2 after crossing into the next day, the Level 2 notifications are sent to B, the person on duty at that point.