Manage the Incidents list

The Incidents page displays a list of all the incidents in your system that you have permission to view. You can use this screen to monitor the incidents across your organization, prioritizing which incidents require your attention based on their age, severity, status, or impacted services. If you experience a flood of incidents, you can also quickly reject the duplicate incidents by doing a bulk update of their status.

From this page, you can drill through to view a detailed timeline of how an incident is progressing, to engage resolvers to collaborate in real time, and to update the incident's details. For resolved incidents, Advanced plan customers can clearly see at a glance the status of any Post-Incident reports that have been created. Clicking the status links you to the report screen, so you can quickly review the information, make edits, or export it.

The following sections describe the actions you can perform on the Incidents page:

In the side navigation menu, click Incidents.

If you don't have permission to access and manage incidents in xMatters, the Incidents option does not appear in the navigation menu.

The Incidents list includes the incidents you have permission to view.

To more easily view data in the list, do one or more of the following:

  • To sort the content of a column in alphabetical or chronological order, click the column header. (Click the header again to reverse the sort order.)
  • To change the width of a column, move the pointer over the edge of the column and when the re-size icon appears, click and drag the column to the desired size.
  • To rearrange the columns, click and drag a column header to a new location on the table.
  • If the list contains more entries or columns than can be displayed on your screen, scroll horizontally or vertically. The system automatically loads more data as you scroll down the page.
  • To include or exclude columns, click the Columns drop-down menu and select or clear the columns that are included. When you've hidden a column and want to see it again, it is added as the last column of the table.

The Incidents list includes the following columns:

Column Description
Severity The severity assigned to the incident. Values include: Minimal, Low, Medium, High, and Critical.

Status

 The status assigned to the incident. Values include: Detected, In Progress, Mitigated, Resolved, and Rejected.
Incident The incident's summary and description.
Created The date and time the incident was initiated in xMatters.
Incident Commander The user assigned as the Incident Commander.
Incident ID

The incident's identifier in xMatters or an external system. (Incident IDs automatically assigned by xMatters are prepended with "INC-".)
Post-Incident Report The status of the Post-Incident Report. If the field is blank, a report hasn't been created yet. Values include: Draft, Ready for Review, Reviewed, Closed.
Impacted Services

The services reported as impacted by the incident. Services are color-coded to represent the highest incident severity they're affected by, for example:
Time to Acknowledge The time from when the incident resolution process began to when a resolver became engaged in xMatters.
Time to Resolve

The time from when an incident was detected, to when it was resolved.

 
Incident Type Properties

The value of any custom incident properties associated with an incident type.

The Incidents list includes a date selector you can use to view incidents that occurred during a specific timeframe. By default, incidents from all dates are displayed, but you can view incidents over a variety of past time intervals or over a specific date and time period.

To view incidents by date:
  1. On the Incidents page, select one of the following options from the date selector:
    • Past 24 Hours
    • Past 30 Days
    • Past 60 Days
    • Past 90 Days
    • All Dates
    • Date Range
  2. If you selected Date Range, use the calendar and time pickers to select the start and end time of the date range, then click Apply.

You can use the search bar to find incidents based on their summary, description, or incident ID.

Start typing in the search bar (a minimum of two characters is required). xMatters automatically updates the list to display items that contain (partially match) the search term, and highlights the portion of each item that matches the specified criteria. If you search multiple terms, xMatters returns incidents that match all of the terms.

To clear your search, click the 'x' in the right corner of the search bar.

The available filters allow you to narrow the incidents list based on matching specific criteria. For example, you can use filters to locate open incidents with high or critical severity that impact particular services, like the 'Inventory' service in the screenshot below:

You can apply one or more filters to narrow down the list of incidents. If you apply multiple filters, xMatters only returns incidents that match all of the specified filter criteria. For detailed instructions on how to use filters, see Filtering data tables.

The following table describes the available filters on the Incidents page and their values:

Filter Values
Status
  • Show All: All incidents, regardless of their status.
  • Open: Incident triage and analysis underway.
  • In Progress: Engaged resolvers working on incident resolution.
  • Mitigated: Incident no longer impacting users or services.
  • Resolved: Services have been restored.
  • Rejected: Reject incidents to reduce noise, eliminate duplicates, or exclude incident floods from analytics.

Severity
  • Show All: All incidents, regardless of their severity.
  • Minimal: Little or no impact to systems or services; no effect on customer or user access. Situation may require further monitoring.
  • Low: Minor impact to a non-essential system or service; customers and users unlikely to experience any effects. Situation requires further monitoring.
  • Medium: Moderate impact to one or more non-essential systems or services; customers and users may experience some difficulty accessing or performing operations. Unlikely to affect service-level agreements or revenue.
  • High: Significant impact to important systems or services; customers and users cannot access or perform some essential operations. Service-level agreements may be in jeopardy, and revenue loss is possible.
  • Critical: Important systems or services wholly unavailable; customers and users cannot access or perform most essential operations. Service-level agreements are in jeopardy, and significant revenue loss is possible.
Incident Commander
  • Show All: All incidents, regardless of their incident commander.
  • Me (First Last): Incidents that you are the incident commander of. For example, "Me (Mary McBride)".
  • Search to select other options: Type a search term to populate a list of matching incident commanders you can choose from.
Impacted Service

  • Show All: All incidents, regardless of the services that are impacted.

  • List of services: Select from a list of impacted services.
Engaged Resolvers
  • Show All: All incidents, regardless of associated resolvers.
  • Me (First Last): Incidents that you are or were previously engaged as a resolver. For example, "Me (Mary McBride)".
  • Search to select other options: Type a search term to populate a list of matching engaged resolvers you can select from (users, groups, and services).
  • Contains "search term": Select this option to display all engaged resolvers that include the search term.

Note: For 'Resolved' incidents, results also include subgroups or service owner groups which engaged when the parent group or service was targeted. For example, if the 'API' group was targeted as a resolver and contains a 'Mobile API' subgroup, if someone from the subgroup engages as a resolver, the filter results will return both the 'API' and 'Mobile API' groups when the incident status is 'Resolved'; only the parent 'API' group is returned as a resolver for all other incident statuses (Open, In Progress, Mitigated, and Rejected).
Targeted Resolvers
  • Show All: All incidents, regardless of targeted resolvers.
  • Me (First Last): Incidents that you are or were previously targeted as a resolver. For example, "Me (Mary McBride)".
  • Search to select other options: Type a search term to populate a list of matching targeted resolvers you can select from (users, groups, and services).
  • Contains "search term": Select this option to display all targeted resolvers that include the search term in their name or username.
Source
  • Show All: All incidents, regardless of the workflow that initiated the incident.
  • Search to select other options: Type a search term to populate a list of matching workflows you can select from.
  • Contains "search term": Select this option to display all workflows that include the search term in their name.
Custom Incident Properties

  • Show All: All incidents, regardless of the value of an incident property

  • Search to select other options: Type a search term to populate a list of matching incident properties you can select from.

Click an incident's summary to open it in the Incident Console.

By default, an incident can be viewed by:

  • The user who initiated the incident.
  • The incident commander.
  • Resolvers of the incident.
    • If the resolver is a group, the members and supervisors of that group. (This includes groups added as resolvers because they own an impacted service.)
  • Users who have been assigned tasks for the incident.
  • Company supervisors.

When a user who can view an incident has a scheduled absence, their temporary replacement can view the incident for the duration of the absence.

For detailed instructions on the different ways you can initiate an incident in xMatters, see Initiate an Incident.

The Incidents list includes controls to update the status and severity of incidents in bulk, rather than having to update each incident individually from the incident console.

This is useful when an event affecting your system or services triggers a flood of duplicate incidents. You can reject the duplicates to reduce noise, filter them from the Incidents list, and exclude them from your analytics.

To update incidents in bulk:
  1. On the Incidents list, use the search bar or filters to find the incidents you want to update.
  2. Select the check box beside an incident to select it, or use the Select All check box.
  3. To update the incident's status or severity, select the Update Status or Update Severity drop-down and select a new value.
    • xMatters displays the Bulk Update Incident Status or Bulk Update Incident Severity dialog box, depending on which field you chose to update.
    • To reject duplicate incidents, update their status to Rejected.
  4. Enter a note explaining the change. This justification is added to the timeline for each incident.
  5. Click Update.
  6. Once you've finished updating the incidents, close the update controls by clicking Done.

Click a service to display an info card with its name, type (indicated by the icon next to its name), description, active incidents, tier, owner, when it was last changed, and a link to view the service. If a service is undefined (not included in the Service Catalog), no additional information is included.


To view who is on call for a service:

Click the Owner group to view who is currently on call (including shifts, members, and escalations).

To view active incidents associated with a service:

The service info card includes a count of the number of active incidents currently impacting that service (incidents are considered active if their status is 'Open' or 'In Progress'). The incident icon (the flame icon) is color-coded by the highest severity of any active incidents impacting the service. In the example above, the service has 7 associated active incidents and the highest severity level of one or more of those incidents is 'Critical'. You can click the incident count to drill through to a filtered view of those incidents in the Incidents list.

Exporting incident details to an XLSX file enables you to store a copy of details about a filtered list of incidents, including information about the related incident commanders and impacted services. You can use this information to calculate the time to acknowledge and resolve incidents across a specific time period, view status and severity information, and share important incident information outside of xMatters.

To export the incident list:

  1. Click the Incidents tab.
  2. Refine the list of incidents that you want to export using the available filters.
  3. Click Export.
    • The incidents are exported to a file named Incidents.xlsx or Incidents-Filtered.xlsx.

Any search or filter criteria you've applied are preserved when the Incidents list refreshes. You have the option to manually refresh the list or enable Auto Refresh to refresh it automatically.

The Auto Refresh option is useful if you're displaying the list on a screen, such as in a NOC, and you want to always see the most recent incidents without having to manually refresh the screen. You may find it helpful to disable the Auto Refresh option when you're scrolling through the list to look at older incidents, so you're not taken back to the top of the table each time the list automatically refreshes.

To manually refresh the Incidents list, click the Refresh button.

To enable or disable Auto Refresh, select or clear the Auto Refresh check box.