You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
My team is just getting started with incidents and are currently creating/managing incidents manually. We are mostly wanting them for post-incident analysis and reporting for now. The problem is that the first 10+ minutes are spent investigating/managing the issue and we may not create the incident until after it is resolved as part of the postmortem process. When we do this, we encounter the following issues:
1) The post-incident analysis report duration/time to respond/time to resolve is based on when the incident was created/acked/closed. While the impact start/end/detect seem to be modifiable on the incident page, it doesn't seem to use these as I would expect in the analysis. We would like to use these reports to track detection delay, time to mitigation, time to resolution, etc.
2) When I associate alerts to the incident, only the time they were associated is shown in the incident timeline, not the time the alert occurred, which is what I want.
3) The timeline does not show the modified incident impact begin/end, detection time, etc.
4) When I create the incident manually, I immediately get paged for it and have to ack it. I know I created an incident, I don't need the oncall to be paged about it when it's manually created.
Any ideas for overcoming these issues? Or helpful pointers for setting up our incident management in general? I'm not new to oncall/incident management, just Opsgenie.
Hi @Danielle Hanks - thanks for your questions and feedback!
For your first point - you're correct, the incident duration is based on the time the incident was created and closed. We do have a feature request to either make those editable, or to make the incident duration based on the editable fields (impact detected/opened, and impact end times). But right now, it's not possible to edit the duration.
The timeline just shows actions that were taken on the incident (i.e. when it was created, resolved, etc.) as well as when any updates were sent out to stakeholders, and when alerts are associated. I can enter a feature request for it to show the time an associated alert was created, as opposed to the time that the alert was associated to the incident, but currently it is showing the latter.
For your last question - generally when you create an incident, you will add responder teams. That means a responder alert will be created for each team that is a responder on the incident, and the responder alerts are how users are notified of incidents, the incident itself doesn't send notifications.
So when you create the incident, the creator of the incident is considered a "responder", so a responder alert is created for them. We do have a feature request for this to not happen, as I see the point that the person creating it manually probably doesn't need to be notified of it.
In summary, we have feature requests for pretty much everything you're looking for, just not all available at the moment. Incident Management is a big focus for Opsgenie currently, so there will continue to be enhancements and new features added to improve the incident management experience in Opsgenie to best fit all our different customer's use-cases.
Hope that helps!