From YouTube: Triage Walk-through - June 2020
Description
Walk-through of Alert and Incident Management features
A
I'm gonna dive into the list of alerts. So GitLab now aggregates IT alerts from any external source that you integrate with the REST endpoint. For this project, I've already set up that REST endpoint and then used the curl command to generate some alerts, so we can explore the different tools that we can use to triage them. So what we're looking at is the aggregated list of alerts at a high view.
A
We've got a couple of different attributes here: severity, start time, end time, name of the alert, number of times that's fired, who's assigned, and then the status. So something commonly that I'll do when triaging alerts is either sort by severity and start time. So sorting by start time, I can see that I've got a high severity alert that came in about 30 minutes ago.
A
I've got a little bit of information on what's happening, and I'm gonna go ahead and acknowledge that so that other members of my team know that I'm working on it and don't duplicate work or ask questions. They know that I'm taking care of that. So I'm also going to assign myself because I'm starting the initial investigation.
A
So taking a look at this alert, the overview tab gives me a few high-level attributes to help orient to what's going on. I see it's hitting my Bob burgers production service. That's something that I want running for my customers, and it looks like it started 30 minutes ago, so I need to check out to see if this is impacting the availability. And then you can also see that in the system notes of this alert we're tracking status changes and then assignee, so we can see that I assigned it to myself here.
A
Know it's coming from my monitoring tool, which is on this critical service, and then I've got this notes field, which should be giving me more information. Probably want to make that a bit cleaner so it's a lot easier to read through. So I think that I want my team to respond to this. I think that we need to create a critical incident for this so that we can get the service restored, and I'm going to do that by creating an issue for this.
A
So this is going to convert that alert into an issue, into an incident issue, and I know that because it's labeled incident. And now that this is an incident, I've got a few more tools at my disposal that I'll be able to use to respond to this. So now that I've created this issue, I want to make sure that my team knows about it.
A
And so, if I come over here into the Slack channel that I've got set up with this project, you can see that the off spot sent in the alert when it initially fired, and then that I created an incident issue for this. So Slack is really commonly used as a central command, notification center for alerts and incidents, so the fact that GitLab sends these to Slack makes it really easy to notify, share findings.
A
Things of that nature for critical incidents. So clicking on it is going to take me back into GitLab. So something else I'm gonna want to do here: my Bob burgers service looks to be impacted for customers, so I want to tell my customers and my other business stakeholders what's going on, and I can do that by publishing to a status page using the slash command.