Create an incident

Last update: July 19, 2021

Overview

Incident management is at the heart of how Rootly works. This page will describe the different ways you can create, manage, and resolve incidents with Rootly.

There are four main ways to easily create a new incident within Rootly.

  • Via Slack.
  • Via the Rootly web UI.
  • Via third-party services such as PagerDuty, VictorOps, and Opsgenie.
  • Via the API.


Creating an Incident using the Web Interface

Another simple way to create an incident is through the web UI. Creating incidents through the web UI does not require any additional integrations to work.

Creating Incidents

To create an incident through the web UI, do the following:

Towards the upper-right side of any screen in Rootly, locate the Create Incident button and click it.



You will be presented with the New Incident Details dialog, where you can begin to add details. At a minimum, you will need to input a title for the incident. If you don't know the rest of the information, you can always create the incident and come back to edit it after the fact to add more details.

Once you are done filling in the details, click Create Incident.



You will be taken to a screen with all of the current details of the incident.



Resolving Incidents

To resolve an incident in Rootly, click the Mark as Mitigated button on the incident details screen.



You will be presented with a dialog to explain any actions taken to mitigate the incident. Once you've filled it out, click the Mark as Mitigated button once more.



Once all of the followup for the incident has been done, you can resolve it through Rootly by clicking the Mark as Resolved button.



You will be presented with a dialog where you can enter any additional details about the incident resolution. Once completed, click the Mark as Resolved button once more.




Creating Incidents using PagerDuty

All PagerDuty alerts can flow into Rootly for incident management if desired. By now, you should have your integration between Rootly and PagerDuty configured, as well as the services on which you wish to alert.

To create an alert from PagerDuty, do the following:

Log into the PagerDuty account where you first created the new integration.

Click the New Incident button, which should be available from most pages within PagerDuty.



In the Create New Incident dialog, select the Impact Service, which should be one of the services you integrated earlier with Rootly. Add a descriptive Title, and fill in any other fields as needed.



Click Create Incident.

You will then be taken to the page for that incident.



Now, login to Rootly if you aren't already, and navigate to Configuration, then Alerts.



There, you will see the list of current alerts, where you can create an incident for that alert if desired. To do so, click the Create Incident button on the right side, and follow the standard incident workflow outlined previously.



When you create an incident in Rootly from an alert in PagerDuty, management of that incident can then be done via Rootly. Resolving the incident in Rootly will also resolve it in PagerDuty.

When resolving incidents, note the following:

  • Marking an incident as resolved in Rootly will mark this incident as resolved in PagerDuty for all linked services associated with this incident.
  • Marking an incident as resolved in PagerDuty will not mark this incident as resolved in Rootly.



Creating Incidents using the API

Creating an incident through API is also an option and more documentation is available at: 


Creating an Incident using Slack

To create an incident using Slack, you will first need to configure the Slack Integration. See our Quick Start Guide for help on setting that up.

Once you have the Slack integration configured, type the following command:

  • /rootly create "Help! This is a test incident"

You will be presented with a dialog to enter additional information about the incident, including a description, severity, environment, and so on. If you don't have all of the information for an incident when you create it, you can always enter it later. No additional information is required to create an incident except a title.


When finished adding incident details, click the Create button.

If you selected the option to "Automatically create a Slack channel when declaring a Rootly incident" during configuration of the Slack integration (the default), then a new channel will be created in Slack for this specific incident.

You will see information similar to the following:



It is also possible to see all of the current incident information via the Rootly web interface. In the navigation bar, click on Incidents, then Incidents again, you can see the incident you just created.



You can list currently unresolved incidents in Slack by typing:

  • /rootly list

Once you are ready to resolve your incident, you have the option of resolving it via the web interface (discussed earlier in this document) or through Slack.

To resolve the incident via Slack, type the following command in the channel specific to that incident:

  • /rootly resolve

A dialog will be presented where you can enter an explanation for the resolution, and then click Submit. Note that if you select "Mark incident as Mitigated", you will still need to resolve that incident later via Slack or the web interface.



If you aren't sure what command you need to type in Slack, or to see all available commands, type:

  • /rootly help

Supported commands that can be used anywhere in Slack:

  • /rootly create | new <title> - This will create a new incident with a dedicated channel.
  • /rootly list - This will display a list of up to ten incidents.
  • /rootly help - Shows available commands for interacting with the Rootly Slack bot.

Supported commands that can only be used from an incident's Slack channel:

  • /rootly add event <note> - This will create a new event and add it to the timeline event.
  • /rootly add action item - This will create a new action item and add it to your incident.
  • /rootly add team - This will attach a team to an incident.
  • /rootly add service - This will attach a service to an incident.
  • /rootly add functionality - This will attach a functionality to an incident.
  • /rootly mitigate - This will mark an incident as mitigated.
  • /rootly resolve - This will mark an incident as resolved.
  • /rootly publish - This will publish an incident and make it visible to your public status pages.