Incident Search

Overview

The Incidents page lets you search and filter incidentsClosed A collection of one or more related triggers. Relationships that cause triggers to be combined into incidents include application, location, operating system, or a trigger by itself. so you can find a specific set (for example, by description text, status, priority, incident type, or time range). That capability makes it easier to triage, track ongoing work, or pull incidents for reporting. You open an incident from the list to see its full details on the Incident Details page. For day-to-day incident handling, see Managing Incidents.

Incident search uses a search bar (free text), a filter bar (selected filters, type, and time range), and a Filters panel on the left that lists facet categories and values. The result count updates as you change the search text or filters. The same page can show other explorer types (Devices, Interfaces, Applications, Locations). Use the type dropdown to switch to Incidents when you want to search incidents.

Search bar

Use the search bar to narrow results by text. Type in the box and click Search (or press Enter).

  • Exclude a term: Prefix the term with a minus sign (-). Results will not include incidents that match that term.

  • Search for a phrase: Enclose the phrase in double quotation marks. Results will match the exact phrase.

Filter bar

The filter bar shows the currently applied filters and lets you set the time range for incidents.

  • Type: Choose Incidents, Devices, Interfaces, Applications, Locations, or another explorer type. The page shows only the selected type.

  • Time range: For incidents, you can restrict results to a time period (for example, last one hour, 12 hours, one day, 7 days, or last month). The time control appears when the type is Incidents.

  • Selected filters: Any facets you choose in the Filters panel appear here as tags. Remove a tag to drop that filter.

  • Clear All: Removes all selected filters and the time range.

Filters panel

The Filters panel lists facet categories and their values, with counts for the current result set. Select one or more values in a category to refine the results. The list of facets reflects the data in your environment. Typical categories for incidents include:

  • Ongoing State: Whether the incident is still ongoing or has ended.

  • Status: New, Investigating, or Closed.

  • Priority: Critical, High, Moderate, or Low.

  • Incident Type: For example, Device Down Issue, Interface Performance Issue, Application Location Performance Issue, Multi-Device Down Issue.

  • Entity-based facets: Device name, Interface name, Application name, Impacted Application, Impacted Location, Impacted User. These narrow results to incidents that involve the selected entities.

After you select facets, click Apply Filters to run the search with the new criteria (or use Clear All to reset). For how to get to the Incidents page and use the list, see Incidents page. To find incidents by entity or metric from elsewhere in the product, you can also use global search. Results include incidents where that object appears as an indicator.