The alert workspace contains various areas containing alert details and possible actions.
The base state of an alert in a configured system is open and unacknowledged, with the team assigned automatically. Only an acknowledged alert can be promoted to an incident.
For information on Response rules which can automate some aspects of an alert, see Incident Response Automation.
- Acknowledge or unacknowledge the alert.
- Promote the alert to an incident.
- Close the alert record.
- Save the alert record. The Save becomes available once you have made a change.
|Service||Imported service associated with the alert, if available. You can edit this
field from a list menu.
Note: When you set a service, and that service has an assigned team, the assigned team of that service is automatically assigned to the incident.
Use the information icon, , to view the service details.
|Priority||Imported priority on the alert. You can edit this field.
|Assigned team||Team of the alert assignee. You can edit this field.|
|State||Alert state. See Incident Response alert states for more information.|
|Assigned to||Individual assigned to the alert. This assignee can be the person who acknowledged it or the one reassigned to it. You can edit this field.|
|Parent alert||The alert this alert is related to, if it is a related alert.|
|Incident||Incident identifier if there is one. You can select one from a list menu.|
|Integration||Integration that created this alert. Empty, if the alert was manually created.
Use the information icon, , to view the integration details.
|Source URL||Imported URL from the source of the alert.|
|Source||Imported source of the alert.|
|Metric Type||Imported type of the metric associated with the alert.|
|Metric Name||Imported name of the metric associated with the alert.|
|Resource||Imported node resource (process or service) associated with the alert.|
|Node||Imported name of the node (FQDN, IP address or MAC address) associated with the alert.|
|Message key||Identifier for multiple events related to the same alert.
Note: If this value is empty on import, then it is generated from the Source, Node, Type, Resource, and Metric Name field values.
|Additional information||Imported request payload that generated the alert. Enhanced to be formatted JSON for improved readability.|
This tab contains any alerts associated with this alert.
In addition to the incident header information, a grouped, related alert contains a Grouped by field. This field indicates how the related alert was grouped.
- Manual - Group created manually.
- Automated - Group created automatically during import.
- Grouping rule - Group created by a rule with a link to that rule.
Each record contains the following fields: (You can filter and refresh the list.)
|Number & Description||Related alert identifier and short description.|
|Service||Service related to the related alert.|
|Priority||Priority of the related alert.|
|State||Related alert state.|
Whether the alert has been acknowledged or not. Values are true or false.
Selecting the Acknowledged state opens the related alert.
|Team||Assigned team for the related alert.|
|Assigned to||Responder assigned to the related alert.|
|Source||Source of the related alert.|
|Remove alert button||This button becomes available when you choose the alert by selecting the check box next to it. If you had more than one alert to remove from the alert group, this option lets you choose multiple alerts and remove them all at once.|
|Name & Description||ID and short description of the response rule that ran on this alert.|
|Action||Action icon that the alert rule specified.|
|Status||Icon shows whether the action executed successfully or not.|
|Log Message||Actions taken or error messages.|
|Execution date & time||Date and time the action was taken.|
Work notes: Add work notes and Post work notes (Private) to the Incident timeline. Visible to responders and above. Notifications are sent for all updates based on user notification preferences.
The Attachments panel is hidden until you select the attachment icon.
On the Attachments panel, you can initially Browse your local hard drive for files.
- Search for an attachment based on its name or extensionNote: You must have two or more attachments to search.
- Upload a new attachment using the () icon
- Download an existing attachment using the More actions icon () to the right of the attachment.
- Remove an existing attachment using the More actions icon to the right of the attachment.
- Rename an existing attachment using the More actions icon to the right of the attachment.
Displays available Zoom meeting or Microsoft Teams or Slack channels to start or join.
- Select Start Zoom.
- A meeting pop-up appears.
- Add participants.
- Select Create Meeting.
- The meeting is created, invitations are sent, and you join the meeting.Note: Any issues found when starting a meeting are shown in a banner message.
- Select Join Meeting
- Sign in to your Zoom account.
- You join the Zoom meeting.
- Select Start Channel.
- Sign in to your Microsoft Teams account.
- Select Create. You are redirected to the Microsoft Teams application.
- Back in the Collaboration column, the Join Channel button
is activated.Note: Any issues found when joining a channel are shown in a banner message.
- Select Join Channel in the Collaboration panel in Lightstep Incident Response.
- Sign into your Microsoft Teams account.
You are taken to the channel in Microsoft Teams.
- Select Start Slack.
- Add participants in the Create a Slack channel pop-up.
- Select Create. You are redirected to the Slack application.
- Back in the Collaboration column, the Join Slack button
is activated.Note: Any issues found when starting a channel are shown in a banner message.
- Select Join Channel in the Slack application window.
- Sign into you Slack account.
You are taken to the Slack channel.
Add responders from the list menu and select the Add icon. Responders are notified based on their notification preferences.
Helpful links are defined in the affected service for this record. See Create a service for detailed information on adding links.