

Splunk Lantern

Incident investigation overview


Incident investigation is the phase in which an incident is examined to determine its probable root cause. Collaboration with other teams or support personnel might be required. Engaging the right team with the right level of speed and urgency requires a systematic approach. You will need to:

  • Gather all relevant information
  • Analyze the information to isolate the cause of the issue
  • Alert the right team member who is available and able to remediate the situation

The guides in the next section use a fictitious company CS Corp and its Online Boutique application for context and discussion purposes. To ensure Online Boutique’s application availability, the importance of efficient incident response cannot be overstated. By using Splunk On-Call to send alerts, CS Corp will be able to stop manually updating spreadsheets, call trees, and email incident management. This tool empowers fast and efficient incident resolution. The guides will provide a detailed look at the basic configuration and processes necessary to improve CS Corp’s business outcomes. The pink box in the solution flow diagram below highlights the area the guides focus on.


Incident investigation prescriptive outcome guide

This use case covers both the Incident Investigation and the Remediation focal areas of the AIOps lifecycle.

What to do if you get stuck

Still having trouble? Splunk has many resources available to help get you back on track.

Next steps

Now that you're doing more with your data, get even more value by implementing additional use cases.