Flashduty Docs
中文EnglishRoadmapAPI官网控制台
中文EnglishRoadmapAPI官网控制台
  1. Incidents
  • Getting Started
    • Introduction
    • Quick start
    • FAQ
    • Product Comparison
  • Incidents
    • What is an Incident
    • View Incidents
    • Handle Incidents
    • Escalations and Assignments
    • Custom Fields
    • Custom Actions
    • Alert Noise Reduction
    • Past Incidents
    • Outlier Incidents
  • Configure Flashduty
    • Channels
    • Integrate Alerts
    • Alert Noise Reduction
    • Escalation Rules
    • Label Enrichment
    • Schedules
    • Templates
    • Service Calendars
    • Preferences
    • Alert Routing
    • Silence and Inhibition
    • Filters
    • Notification Bots
    • Alert Pipeline
  • Platform
    • Teams and Members
    • Permissions
    • Single Sign-On
    • Insights
  • Advanced Features
    • Referencing Variables
    • Dynamic Assignment
  • Integrations
    • Alerts integration
      • Standard Alert Integration
      • Email Integration
      • Nightingale/FlashCat Integration
      • Prometheus Integration
      • Grafana Integration
      • Zabbix Integration
      • Uptime Kuma Integration
      • Alibaba Cloud ARMS Integration
      • Alibaba Cloud Monitor CM Event Integration
      • Alibaba Cloud Monitor CM Metrics Integration
      • Alibaba Cloud SLS Integration
      • AWS CloudWatch Integration
      • Azure Monitor Integration
      • Baidu Cloud BCM Integration
      • Huawei Cloud CES Integration
      • Influxdata Integration
      • Open Falcon Integration
      • PagerDuty Integration
      • Tencent BlueKing Integration
      • Tencent Cloud CLS Integration
      • Tencent Cloud Monitor CM Integration
      • Tencent Cloud EventBridge
      • OceanBase Integration
      • Graylog Integration
      • Skywalking Integration
      • Sentry Integration
      • Jiankongbao Integration
      • AWS EventBridge Integration
      • Dynatrace Integration
      • Huawei Cloud LTS Integration
      • GCP Integration
      • Splunk Alert Events Integration
      • AppDynamics Alert Integration
      • SolarWinds Alert Events Integration
      • Volcengine CM Alert Events Integration
      • Volcengine CM Event Center Integration
      • Volcengine TLS Integration
      • OpManager Integration
      • Meraki Integration
      • Keep Integration
      • ElastAlert2 Alert Integration
      • StateCloud Alert Events
      • Guance Alert Events
      • Zilliz Alert Events
      • Huawei Cloud APM Alerts
      • zstack integration
    • Change integration
      • Standard Change Event
      • Jira Issue Events
    • IM integration
      • Feishu (Lark) Integration Guide
      • Dingtalk Integration
      • WeCom Integration
      • Slack Integration
      • Microsoft Teams Integration
    • Single Sign-On
      • Authing Integration
      • Keycloak Guide
      • OpenLDAP Guide
    • Webhooks
      • Alert webhook
      • Incident webhook
      • Costom action
  • Terms
    • Terms of Service
    • User Agreement/Privary Policy
    • SLA
  1. Incidents

Handle Incidents

Investigate incidents, update key information, and synchronize with others.

Change Information#

After an incident is triggered, its manifestation may become clearer over time. You can modify key information such as the incident title to make it more accurate than the original alert message.

Change Incident Title#

1.
Open the incident details in the console and click the edit button in the title section.
2.
Enter the new title to complete.

💡

The modified title will not change when new alerts are merged.

Change Incident Severity#

1.
Open the incident details in the console and select the new severity level.
2.
Click outside to complete.

💡

The modified severity will not change when new alerts are merged.

Update Incident Description and Impact#

1.
Open the incident details in the console and click to enter new information in the description and impact sections.
2.
The system will save automatically.
You can use Markdown syntax to update the incident description and impact, or directly copy and paste images!

💡

The modified description will not change when new alerts are merged.

Acknowledge Incidents#

There are three ways to acknowledge a newly triggered incident.

Acknowledge via Console#

Single Acknowledge: Open incident details in the console, click the acknowledge button to complete.
Batch Operation: In the incident list, select multiple pending incidents and click the acknowledge button to complete batch acknowledgment.

Acknowledge via IM Applications#

App Messages: The main card of application messages provides an acknowledge button. Click the card to complete acknowledgment. If clicking has no effect, you may not have completed account association in the application or there might be other issues. Please refer to Feishu/Lark Integration Guide.
Bot Messages: Most bot channels push messages in Markdown format. You can modify the notification template to add an acknowledge link for console redirection. Please refer to the default template for details.

Acknowledge via Voice Call#

For voice alerts pushed by Flashduty, after the voice broadcast ends, you'll be prompted to Press 1 to acknowledge. Press 1, and the system will complete the incident acknowledgment under your identity.

Unacknowledge Incidents#

Once someone acknowledges an incident, its status changes from "pending" to "processing". Additional acknowledgments won't change the incident status.
After acknowledging an incident, you can choose to unacknowledge it, which is useful in cases of mistaken acknowledgment. When all acknowledgers unacknowledge, the incident will return to pending status.

Processing Progress and MTTA#

You can view each person's assignment time and acknowledgment time in the console. We calculate incident MTTA according to these rules:
MTTA (Mean Time to Acknowledge) is defined as the average acknowledgment duration, calculated as the difference between acknowledgment time and trigger time.
For the same incident, each person can have different assignment and acknowledgment times. Therefore, MTTA calculations may differ for each person.
For an incident's overall MTTA, we only calculate the time difference between the trigger time and the first acknowledgment.

Snooze Incidents#

After acknowledging an incident, responders may need time to investigate and handle it. The Snooze operation can temporarily pause the incident from escalating according to the expected escalation rule. After acknowledging an incident, you can set a snooze duration, such as 2 hours, 4 hours, or a custom time within 24 hours.

💡

If you've snoozed an incident and the snooze time expires without completing the incident handling, the system will automatically return the incident to pending status and reinitiate assignment notifications.

Snooze via Console#

Open incident details in the console, click the Snooze button, select duration to complete.

Snooze via IM Applications#

Click the Snooze button on the incident message card, select duration to complete.

Close Incidents#

You have multiple ways to close an incident.

Close via Console#

Single Close: Open incident details in the console, click the close button to complete.
Batch Operation: In the incident list, select multiple pending incidents and click the close button to complete batch closure.

Close via IM Applications#

The main card of application messages provides a close button. Click the card to complete closure. If clicking has no effect, you may not have completed account association in the application or there might be other issues. Please refer to Feishu/Lark Integration Guide.

Reopen Incidents#

Manually closing an incident changes its status to closed. You can click the close button in any status. After manual closure, associated alerts will stop merging new events. If the alert hasn't recovered in the original alert system, new notification events might be generated, triggering new alerts and incidents in Flashduty.
You can reopen an incident after mistaken closure. After reopening, the incident will return to pending status and reinitiate assignment and notifications.

Merge Processing#

You can manually merge between incidents or between incidents and alerts. Merging similar alerts and incidents together consolidates information into a single incident, accelerating the handling process.
Merge Between Incidents: You can select multiple incidents in the console to merge into a target incident. You can also select other target incidents for merging from an incident's details.
Merge Alerts into Incidents: Alerts may merge into certain incidents due to grouping policies, but you can adjust incident-alert associations. You can go to alert details and click the merge button to migrate alerts to target incidents.
The essence of merging is: changing alert-incident associations. If all alerts in an incident are merged into other incidents, this incident will close directly, and you'll only need to handle the target incident.
The timeline will fully record your modification process.

FAQ#

Why does the system still trigger similar incidents after I snoozed one?
You might have confused the Snooze function with the silence function, but they are quite different.
Silence function requires you to fill in matching policies. When newly triggered incidents match the silence policy, they won't receive notifications. Silence policies can affect notifications of new incidents.
Snooze function doesn't require any policies. It only gives you time to handle the incident after acknowledgment, preventing escalation to the next level responder during processing.
If you need to suppress an alert policy, use silence instead of Snooze.
修改于 2024-12-10 08:40:22
上一页
View Incidents
下一页
Escalations and Assignments
Built with