Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Incident and Responder Alert process is not so clear

serge calderara
serge calderara
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 23, 2021

Dear all,

We are actually evaluating opsgenie and we face to a question related to Incident and Responder alert.

We notice that when an incident is created from incident rules, it does different things :

  • Create the incident
  • Associate the root alert to the incident
  • Create a responder Alert matching the root alert which cause the incident

Now we need at this stage to handle the incident from our team and we do not catch from documentation the correct process .

For instance we understand that the Alert responder is the entry point where people will work on to solve the incident. 

So the scenario is as below :

  1. On personn from our team ACK the reposnder alert
  2. That person became the owner of the alert
  3. That person add some notes on his investigation of the incident. During that time the status of the incident is still OPEN
  4. Then the person decide to close the alert based on the investigation done

Closing the Alert do not close the incident which remains open.

Question 1 :
Does the Responder Alert is the correct working source for the team or does it need to work from incident directly ?

Question 2 :
Is there any sync on Status between incident and Responder Alert. What I means is that if we close the incident, does the Alert is closed automatically or status handling need to be done independently on incident and Alert

Thanks for clarification

Answer
Watch
Like Be the first to like this
579 views

1 answer

0 votes
Samir
Samir
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 24, 2021

Hi @serge calderara 

 

Taking action on the responder alert (i.e. acknowledge responder alert) does not update the incident itself. However, it does work the other way, i.e. resolving the incident, will acknowledge the responder alert(s) for that incident. And closing the incident, will close the responder alert(s).

 

Thanks,

Samir

View More Comments
serge calderara
serge calderara
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 24, 2021

hello @Samir , so what is the proper way to work on an incident ?

Should team works on the Reporter Alert or should it work on the Incident itself ?

Like
Samir
Samir
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 24, 2021

There isn't a "right" vs "wrong" way necessarily. If you want to stop the responder alert from escalating so it doesn't continue notifying, then you would want to acknowledge the responder alert.

 

Otherwise, you can just take action on the incident itself, and that will update the responder alert(s).

Like
serge calderara
serge calderara
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 25, 2021

Hello @Samir , I notice one strange things if we work on Incident details :

1 - There is not place to add notes ?

2 - We notice a button call INVESTIGATE but it is necessary to connect to a CI/CD why ? There is no way to have an invesigation without CI CD especially if the incident is from a network issue for instance ?

Regards

Like
Samir
Samir
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 29, 2021

Hi @serge calderara ,

 

Yes - there are no notes on incidents, you can add entries to the incident timeline.

 

And connecting a CI/CD is required for incident investigation, because the incident investigation feature is what allows you to pull in past deployments from your CI/CD tool that could have been a potential cause of the incident.

https://support.atlassian.com/opsgenie/docs/investigate-an-incident/

 

So without connecting a CI/CD tool, there would be no use of the incident investigation feature.

Like
serge calderara
serge calderara
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 29, 2021

hi @Samir  thanks for your reply

This is not a logical approach that for Incident investigation you need to have a CI/CD.

The resaon for that is that incident does not necessary comes from a software deployement .

From our integration with dynatrace for instance, we would like to start an investigation on the incident which is pure an infrastruture case for which we absolutly do not need any CI/CD.

How this can be done from Incident in that case?

regarsd

Like
Reply

Suggest an answer

Log in or Sign up to answer
Opsgenie
Opsgenie
TAGS
AUG Leaders

Atlassian Community Events

    See all events