
Preview: Splunk Incident Intelligence

Preview features described in this document are provided by Splunk to you “as is” without any warranties, maintenance and support, or service-level commitments. Splunk makes this preview feature available in its sole discretion and may discontinue it at any time. Use of preview features is subject to the Splunk General Terms.

Introduction to Splunk Incident Intelligence

Use Incident Intelligence to collaboratively diagnose and remediate issues across your environment. Incident Intelligence lets site reliability engineers (SREs) in IT and DevOps resolve outages with alert correlation, incident response, and on-call routing.

How Incident Intelligence works

Incident Intelligence ingests, routes, and groups alerts to create incidents. Alerts are routed and grouped based on rules that you configure. If an alert or set of alerts meets the criteria for a critical incident, an incident is automatically triggered and escalated to the corresponding responder based on the incident workflow and on-call schedules you configure. See Splunk Incident Intelligence overview for a high-level overview of the end-to-end journey of an incident in Incident Intelligence.

How Incident Intelligence fits into Splunk Observability Cloud

Splunk Observability Cloud provides a unified experience for collecting and monitoring metrics, logs, and traces from common data sources. Incident Intelligence is integrated into Observability Cloud to provide alert analytics and on-call management in one place. With Incident Intelligence, you can reduce alert noise, automate actions, and accelerate incident response.

For more information about Observability Cloud, see Welcome to Splunk Observability Cloud.

Sign up for the Incident Intelligence public preview

To sign up for Incident Intelligence public preview, see

Get started with Incident Intelligence

For step-by-step instructions on how to set up Incident Intelligence, see Set up Splunk Incident Intelligence.

What can I do with Incident Intelligence?

Follow the links in the table to complete the tasks that are relevant to you.

| Do this | With this tool | Link to documentation |
| --- | --- | --- |
| Ingest alerts from Observability Cloud or third parties. | Alert ingestion | See Ingest alerts in Splunk Incident Intelligence. |
| Create incident policies to automatically organize incidents depending on the impacted service. | Incident policies | See Create and configure incident policies. |
| Route alerts to associate them with an incident policy. | Alert routing | See Configure the alerts that are routed to your incident policy. |
| Manage which alerts create an incident and how alerts are grouped into incidents. Use alert severity to determine if an incident is created and group alerts by time period. | Alert grouping | See Configure how alerts are grouped. |
| Create incident workflows with a series of escalating steps to determine who is notified to respond when a new incident is triggered. | Incident workflows | See Configure incident workflows for your incident policy. |
| Create on-call schedules and shifts to use as a step in your incident workflows. | On-call schedules and shifts | See Create and manage on-call schedules. |
| Use incident management tools to respond to incidents as they are triggered. | Incident response | See Respond to and manage incidents. |

How to provide feedback or get help

Use the following forms to share feedback or ask questions about Incident Intelligence: