Set up Splunk Incident Intelligence

To route incidents to the necessary teams and people, you need to first generate alerts. Next, you’ll complete your incident response configuration, which includes creating and configuring incident policies and creating on-call schedules. After you configure your incident policies and schedules, users can begin responding to incidents.

Prerequisite

  • You must be an Observability Cloud administrator to configure and set up Incident Intelligence.

Get started

Complete these tasks to get started with Incident Intelligence:

  1. Ingest alerts in Incident Intelligence. See Ingest alerts in Splunk Incident Intelligence.

  2. Create incident policies to organize your alerts and incidents based on the impacted environmental component, for example, your web application service or checkout service. See Create and configure incident policies.

  3. Configure the alert routing within the incident policy to associate alerts with an incident policy. See Configure the alerts routed to your incident policy.

  4. Configure alert grouping within the incident policy to manage which alerts create an incident and how alerts are grouped into incidents. See Configure how alerts are grouped.

  5. Configure the incident workflow within the incident policy to determine who is notified when a new incident is triggered. See Configure incident workflows for your incident policy.

  6. Create an on-call schedule and add it as a step in your incident workflows. See Create and manage on-call schedules.

This completes the setup for Incident Intelligence. You are ready to begin responding to incidents. See Respond to and manage incidents.