Re-route incidents
Sometimes, users who are paged for an issue may need to reroute the incident, either to another team, or to a specific individual. Splunk On-Call offers the ability to route an existing incident to individual users, teams of users or escalation policies.
What you need to know
When an incident is routed directly to a user, the user will be paged in accordance with their personal paging policy until the incident has been acknowledged.
When an incident is routed to one or more escalation policies, it will page and escalate in accordance with the steps indicated in the policy.
Ensure your team members have set up their policies appropriately so that important incidents aren't being routed to email purgatory.
Web Portal
From the Incident Management pane, select the reroute symbol:
This will produce a prompt where you can search for Escalation Policies and Users to reroute to.
Selecting a user to reroute to will invoke notifications according to that user's Personal Paging Policy.
Selecting an Escalation Policy will cause the incident to be processed by that policy, which may or may not result in any users being notified immediately, depending on the way the policy is configured.
Once you have selected the appropriate users or policies, select Reroute.
Mobile
An incident can be rerouted directly from a push notification by holding down the notification and then selecting Reroute.
You can also reroute an incident from within the mobile application. To do so, tap into the respective incident. The ACK and REROUTE buttons are in the bottom right corner, and SNOOZE is in the left-hand corner:
Select Reroute.
From the Reroute page, select the escalation policies or direct users to be notified in the reroute. Once you have finished marking your selection, tap the Reroute icon in the upper right corner to confirm your decision.