Introduction to Splunk Incident Intelligence

Use Incident Intelligence to collaboratively diagnose and remediate issues across your environment. Incident Intelligence lets site reliability engineers (SREs) in IT and DevOps resolve outages with alert correlation, incident response, and on-call routing.

How Incident Intelligence works

Incident Intelligence ingests, routes, and groups alerts to create incidents. Alerts are routed and grouped based on rules that you configure. If an alert or set of alerts meets the criteria for a critical incident, an incident is automatically triggered and escalated to the corresponding responder based on the incident workflow and on-call schedules you configure. See Splunk Incident Intelligence overview for a high-level overview of the end-to-end journey of an incident in Incident Intelligence.

How Incident Intelligence fits into Splunk Observability Cloud

Splunk Observability Cloud provides a unified experience for collecting and monitoring metrics, logs, and traces from common data sources. Incident Intelligence is integrated into Observability Cloud to provide alert analytics and on-call management in one place. With Incident Intelligence, you can reduce alert noise, automate actions, and accelerate incident response.

For more information about Observability Cloud, see Welcome to Splunk Observability Cloud.

Get started with Incident Intelligence

For step-by-step instructions on how to set up Incident Intelligence, see Set up Splunk Incident Intelligence.

What can I do with Incident Intelligence?

Follow the links in the table to complete the tasks that are relevant to you.

| Do this | With this tool | Link to documentation |
| --- | --- | --- |
| Ingest alerts from Observability Cloud, Splunk Enterprise, Splunk Cloud Platform, IT Service Intelligence (ITSI) or third parties. | Alert ingestion | See Ingest alerts in Splunk Incident Intelligence. |
| Create incident policies to automatically organize incidents depending on the impacted service. | Incident policies | See Create and configure incident policies. |
| Route alerts to associate them with an incident policy. | Alert routing | See Configure the alerts routed to your incident policy. |
| Manage which alerts create an incident and how alerts are grouped into incidents. Use alert severity to determine if an incident is created and group alerts by time period. | Alert grouping | See Configure how alerts are grouped. |
| Create incident workflows with a series of escalating steps to determine who is notified to respond when a new incident is triggered. | Incident workflows | See Configure incident workflows for your incident policy. |
| Create on-call schedules and shifts to use as a step in your incident workflows. | On-call schedules and shifts | See Create and manage on-call schedules. |
| Use incident management tools to respond to incidents as they are triggered. | Incident response | See Respond to and manage incidents. |

How to provide feedback or get help

Use the following forms to share feedback or ask questions about Incident Intelligence: