Incident correlation
Service desk managers can access the Real-time incident correlation dashboard from BMC Helix ITSM by using the BMC Helix ITSM Insights license. This workspace enables you to view emerging issues in real time for a quick response. Also, this workspace provides agents an efficient way to formally relate multiple incidents to reduce duplicate work.
To access this workspace, click More > Workspaces > Real-time incident correlation in BMC Helix ITSM.
Watch the video to understand Real-time incident correlation in BMC Helix ITSM Insights
Overview of the Real-time incident correlation dashboard
New, incoming incidents appear as clusters in the Real-time incident correlation dashboard. The dashboard automatically refreshes every one minute. You can also use the refresh icon to refresh the dashboard manually at any time.
Each horizontal tile on the dashboard represents a cluster as shown the following image:
A typical cluster has incidents that belong to your assigned company and support group.
Clusters appear on the dashboard based on the following criteria:
- The cluster must contain at least a certain number of incidents(based on configuration).
- The cluster must contain incidents that are assigned to your company or your support.
The clusters that have a major incident or a possible major incident are marked in the dashboard as shown in the following image:
Cluster labels
The following table describes the scenarios when the clusters have a label:
Cluster indicated as... | Scenario |
|---|---|
Major Incident in Cluster | When the cluster contains an incident that has been marked as a major incident in BMC Helix ITSM. For more information, see Managing major incidents. |
Possible Major Incident |
|
When all major incidents are updated as usual incidents in a cluster, the Major incident in Cluster indicator is no longer displayed.
When all major incident candidates are updated as usual incidents in a cluster, the Possible Major Incident indicator is no longer displayed.
Cluster sort and filter options
You can sort the clusters by the following characteristics:
- Average priority—Sort clusters on the basis of average priority. Clusters with the highest average priority are displayed first.
- Number of incidents—Sort clusters on the basis of the number of incidents in a cluster. Clusters with the highest number of incidents are displayed first.
- Trend over the last 'n' hours—Sort clusters on the basis of the number of incoming incidents in a cluster. Clusters with the highest number of incoming incidents are displayed first.
The count of incidents is updated based on the number of incidents matching the filter criteria in the cluster. Clusters that do not have incidents that match the filter criteria are not displayed. You can use the filter simultaneously with the text search for better results.
Cluster tiles
Inside a tile, you can view the following information by default:
- Name of the cluster
- Number of incidents—Indicates the total number of incidents grouped together in a cluster at a given point in time
- Trend line graph—Displays the historic growth of the number of incidents over the lifetime of the cluster
- Trend—Displays the number of new incidents that have been added to the cluster in the last 'n' hours
- The time elapsed since the cluster was formed
- Most frequent priority and average priority of tickets in the cluster
- Location—Displays the locations if available
Notifications of emerging major incidents
Major incidents cause widespread disruption in a service and potential impact on the business and organizations. As a major incident manager, receive notifications of emerging, potential major incidents in the Real-time incident correlation clusters. You need not constantly monitor the dashboard to track emerging, potential major incidents. An early notification helps you identify issues early, which may save time in the overall issue resolution and reduce the impact on business.
You can choose to receive notifications either via email, in-app, or both.
The emerging major incident notification provides you a quick overview of the following details:
- The cluster that may have potential major incidents
- The major incident criteria based on which the algorithm flags the cluster
Click to view a sample of the in-app notification
The in-app notification appears in the notification (
) of the navigation bar of BMC applications. Click the notification to view the message.
This is an example of the details that are displayed in the notification message:
Click to view a sample of email notification
The email notification appears in the mail ID registered in the CTM:People form. Open the email to view the message.
This is an example of the details that are displayed in the notification message:
Click the cluster that appears in the notification message to view more details in the Real-time incident correlation dashboard.
To learn more about major incidents, see Managing major incidents.
Incident cluster details
Click the cluster name to view more details of the cluster. The incidents in the cluster are displayed in a tabular format. When you drill down into a cluster, you see only those incidents that are assigned to the company and support groups to which you belong.
If you have selected filter criteria in the Real-time incident correlation dashboard and drill down into a cluster, the list of incidents relevant to the selected filter criteria is displayed. The inherited filter criteria from the Real-time incident correlation dashboard is displayed in the screen as shown in the following image:
You can select additional filter criteria in the screen to further narrow down the incidents. However, you cannot remove the filter criteria inherited from the Real-time incident correlation dashboard.
Click an incident in the table. The incident ticket opens in Smart IT in a new tab.
From the drill-down view, you can select multiple incidents and relate them as duplicates of an original ticket.
