Incident correlation

Overview of the Real-time incident correlation dashboard

The Real-time incident correlation dashboard displays new incoming incidents as clusters represented on a grid. The dashboard automatically refreshes every one minute. You can also use the refresh icon to refresh the dashboard manually at any time.

Each horizontal tile on the dashboard represents a cluster. A typical cluster has incidents that belong to your assigned company and support group. A cluster should contain at least certain number of incidents (based on configuration) that are assigned to your company and support group for it to appear on the dashboard. A cluster without any incidents relevant to you is not displayed. The clusters that have a major incident or a possible major incident are marked in the dashboard as shown in the following image:

The following table describes the scenarios when the clusters have a label:

When all major incidents are updated as usual incidents in a cluster, the Major incident in Cluster indicator is no longer displayed.

When all major incident candidates are updated as usual incidents in a cluster, the Possible Major Incident indicator is no longer displayed.

You can sort the clusters by the following characteristics:

• Average priority—Sort clusters on the basis of average priority. Clusters with the highest average priority are displayed first.
• Number of incidents—Sort clusters on the basis of the number of incidents in a cluster. Clusters with the highest number of incidents are displayed first.
• Trend over the last 'n' hours—Sort clusters on the basis of the number of incoming incidents in a cluster. Clusters with the highest number of incoming incidents are displayed first.

The count of incidents is updated based on the number of incidents matching the filter criteria in the cluster. Clusters that do not have incidents that match the filter criteria are not displayed. You can use the filter simultaneously with the text search for better results.

Inside a tile, you can view the following information by default:

• Name of the cluster 
• Number of incidents—Indicates the total number of incidents grouped together in a cluster at a given point in time
• Trend line graph—Displays the historic growth of the number of incidents over the lifetime of the cluster 
• Trend—Displays the number of new incidents that have been added to the cluster in the last 'n' hours
• The time elapsed since the cluster was formed
• Most frequent priority and average priority of tickets in the cluster
• Location—Displays the locations if available

Incident cluster details

Click the cluster name to view more details of the cluster. The incidents in the cluster are displayed in a tabular format. When you drill down into a cluster, you see only those incidents that are assigned to the company and support groups to which you belong.

If you have selected filter criteria in the Real-time incident correlation dashboard and drill down into a cluster, the list of incidents relevant to the selected filter criteria is displayed. The inherited filter criteria from the Real-time incident correlation dashboard is displayed in the screen as shown in the following image:

You can select additional filter criteria in the screen to further narrow down the incidents. However, you cannot remove the filter criteria inherited from the Real-time incident correlation dashboard.

Click an incident in the table. The incident ticket opens in Smart IT in a new tab.

From the drill-down view, you can select multiple incidents and relate them as duplicates of an original ticket.