Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Associate past incident with new alerts

Marc-Antoine Sulmon
Marc-Antoine Sulmon December 14, 2021

Hi,

I would like to know if OpsGenie is able to provide or suggest some past incident when a certain pattern of alerts are coming.

For instance, one day we receive this pattern of alert :

- Alert "ABC"

- Alert "AZE"

- Alert "MNO"

Those alerts are associated to an incident. They incident is solved and some actions to solve the issue are logged into the incident. Those actions could help any futur analysis and mitigation action.

 

Then few days later, OpsGenie receive the same pattern of alert :

- Alert "ABC"

- Alert "AZE"

- Alert "MNO"

Is their any functionality to indicate to the responder that a past incident has been created and it could be helpful for him to have a look in the remediation plan ?

 

Thanks for your help on this !

Regards

 

 

 

 

Answer
Watch
Like Be the first to like this
402 views

1 answer

0 votes
Connor Eyles
Connor Eyles
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 16, 2021

Hi @Marc-Antoine Sulmon 

Thanks for reaching out!

This is an interesting one, what I'm thinking is making use of auto incident creation rules here.

When you start to see a pattern occur for an incident for example:

  • Alert "ABC"
  • Alert "AZE"
  • Alert "MNO"

You can create an Incident rule to match this pattern and assign it to a service. When this pattern occurs again this will create an incident for that service and your engineers can see previous Incidents for that service to find the remediation plan.

The great thing about the Incident rules is during the Incident and more alerts come filtering in, if they match the Incident rule and the Incident is open they will be auto associated to the open Incident. 

Let me know how you feel about this suggestion and I can elaborate further if you would like!

The document for the Incident rules is - https://support.atlassian.com/opsgenie/docs/automatically-create-an-incident-via-incident-rules/ 

Thanks,

Connor

View More Comments
Marc-Antoine Sulmon
Marc-Antoine Sulmon December 17, 2021

Hi Connor,

This is not exactly what I am looking for.

"Searching" for past incident is not very effective, the idea is to have an automatic proposition of potential related incident. 

A bit like the section "Related Community content" in the top right of this page :

Capture d’écran 2021-12-17 à 09.43.31.png

Thanks !

Like
Nick OG
Nick OG December 17, 2021

Hi @Marc-Antoine Sulmon ,

Like Connor mention, searching for past incidents is probably the best way to achieve this. But related incidents will also be listed under the Service that these incidents were created under as well:

service1.jpg

You can then click into these past incidents, review the timelines, postmortems, associated alerts that might be similar, etc. on what was done to get these previous / related incidents resolved:

service2.jpgservice3.jpgservice4.jpgservice5.jpg

Like Connor Eyles likes this
Marc-Antoine Sulmon
Marc-Antoine Sulmon December 21, 2021

Thanks,

But definitly i think we are not aligned :) I don't want to associate alert to a previously created incident.

To be more precise : is it possible to search incident by associated alert :

"I want to get all incident containing alert "Alert ABC" and "Alerte AZE" ?"

 

Regards

Like
Nick H
Nick H
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 21, 2021

There isn't a way to search incidents by associated alerts. You could search for these alerts with a query like:

message: "ABC" AND details.key: "incident-alert-type" AND details.value: "Associated"

assoc1.jpg

And click into each incident through the alert that way:

assoc2.jpg

 

This is what can be used to query the Incidents tab:

https://support.atlassian.com/opsgenie/docs/search-syntax-for-incidents/

Like Connor Eyles likes this
Reply

Suggest an answer

Log in or Sign up to answer
Opsgenie
Opsgenie
TAGS
AUG Leaders

Atlassian Community Events

    See all events