Incident Details Page


The Incident Details Page is a dedicated page for viewing and handling a single incident. Here, you can understand incident details, perform status operations, analyze related data, and collaborate with your team.

Top Summary

The top of the Incident Details Page displays the core information of the incident, including:

  • Incident Severity: For example, P0 or P1. It is specified when the monitor is triggered and cannot be modified.
  • Status and Time: Current status (Open/Working/Resolved/Closed) along with its first trigger time and total incident duration.
  • Title: A brief description of the incident.
  • Assignee: Displays the current assignee. You can manually assign or change the assignee (member/team) here.

Status Flow

  • Status Change: Only the current assignee can use the dropdown to change the incident status. Status changes are updated in real-time and recorded in the operation timeline.
  • Progress Nodes: Key nodes for status changes are displayed in a timeline format on the right side or top of the page.
  • Rollback Operation: The assignee can roll back an incident in Working status to Open. After rollback, the assignee is cleared.

Vacation Handling Mechanism

If you have claimed an incident but need to take a vacation:

  1. Go to User Settings > Status > Select "On Vacation".
  2. The system will no longer send notifications for this incident to you.
  3. It is recommended to first hand over the incident to another user, or ensure that the escalation strategy is configured with subsequent notifiers.

Incident Details

When entering the details page, the "Incident Details" tab is displayed by default.

Error Distribution Chart

Displays a bar chart of the error distribution for the incident's dimensions over the last 1 hour. Clicking a bar opens the Log or APM Explorer with the current filter conditions applied, so you can continue the analysis there.

Anomaly Description

The Anomaly Description area centrally displays the original information about the incident:

  • Detection Dimension: Shows the detection dimension associated with the incident, e.g., host:192.168.1.1 or service:auth, to quickly locate the affected object.
  • Source: Indicates the specific monitor or intelligent inspection rule that triggered this incident, facilitating traceability of the alert source.
  • Event Content: Displays the original alert content, typically the specific information recorded when the monitor detected an anomaly, such as the original log text or metric value.
  • Detection Metric: Shows the DQL query statement of the trigger condition. You can refer to this statement directly to understand the detection logic.
  • Description: You can manually enter text here to provide additional explanations for the incident, facilitating team understanding.
  • Additional Information: Extra context added by the system or users, such as associated change records, ticket links, etc.

Operation Records

In the "Operation Records" section, you can view the complete handling history of the incident. The system clearly displays all key operations in reverse chronological order, including incident triggering, status changes, severity adjustments, assignee handovers, and escalation notification executions. This helps you stay updated on the latest progress and trace the complete handling process.

Collaboration Records

You can use the comment function at the bottom of the current details page for team collaboration, supporting adding text, links, or uploading attachments.

All collaboration content is aggregated in the Collaboration Records section. The system automatically logs a complete operation history, including incident triggering, status changes, Operation Records, assignee adjustments, and escalation notifications, forming a clear audit trail for subsequent tracking and review.

In the "Related Events" tab of the Incident Details Page, the system centrally displays all monitoring events related to this incident. These events are automatically associated based on the same detection dimension and, by default, show data from the 2 hours before and after the incident occurred.

Here you can view:

  • The occurrence time, source, and specific content of events.
  • The detection metrics and description information associated with events.
  • The distribution of events (visually presented through a time bar chart).

Clicking any event, or a time interval in the distribution chart, opens the corresponding analysis page with the current filter conditions applied. There, you can view detailed logs, metric trends, or APM information to help identify the root cause of the incident or assess its impact scope.

Based on the incident's detection dimension (e.g., service, host, app_name), the system automatically loads corresponding analysis tools without requiring manual navigation:

  • If the detection dimension includes service: Displays related APM, Service Map, Related Logs, Analysis Dashboards, etc.
  • If the detection dimension includes host: Displays related Metrics, Logs, Processes, Containers, Network, and other built-in views.
  • If the detection dimension includes app_name: Displays related RUM Errors, Analysis Dashboards (varies based on application type).
  • Other dimensions: Display corresponding built-in views based on the actual situation.

All data views are focused on the 2 hours before and after the incident by default. You can quickly understand the impact through the distribution chart and click to jump to the corresponding page for in-depth analysis.
