Incident investigation overview

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Incident investigation is where an incident is investigated for probable root cause. Collaboration with other teams or support personnel might be required. When done correctly, engaging the right team with the right level of speed and urgency requires a systematic approach. You will need to:

Gather all relevant information
Analyze the information to isolate the cause of the issue
Alert the right team member who is available and able to remediate the situation

The guides in the next section use a fictitious company CS Corp and its Online Boutique application for context and discussion purposes. To ensure Online Boutique’s application availability, the importance of efficient incident response cannot be overstated. By using Splunk On-Call to send alerts, CS Corp will be able to stop manually updating spreadsheets, call trees, and email incident management. This tool empowers fast and efficient incident resolution. The guides will provide a detailed look at the basic configuration and processes necessary to improve CS Corp’s business outcomes. The pink box in the solution flow diagram below highlights the area the guides focus on.

Incident investigation prescriptive outcome guide

This use case covers both the Incident Investigation and the Remediation focal areas of the AIOps lifecycle.

Investigating and remediating alerts from web applications

What to do if you get stuck

Still having trouble? Splunk has many resources available to help get you back on track.

Splunk OnDemand Services: Use these credit-based services for direct access to Splunk technical consultants with a variety of technical services from a pre-defined catalog. Most customers have OnDemand Services per their license support plan. Engage the ODS team at OnDemand-Inquires@splunk.com if you require assistance.
Splunk Answers: Ask your question to the Splunk Community, which has provided over 50,000 user solutions to date.
Splunk Customer Support: Contact Splunk to discuss your environment and receive customer support.
Splunk Observability Training Courses. Comprehensive Splunk training to fully unlock the power of Splunk Observability Cloud.

Next steps

Now you're doing more with your data, get even more value through implementing additional use cases.