Get Incident
Get incident by ID.
External Documentation
To learn more, visit the Splunk Observability documentation.
Parameters
| Parameter | Description |
|---|---|
| Incident ID | The ID of the incident. Can be obtained from List Incidents action. |
Example Output
{
"active": false,
"anomalyState": "ANOMALOUS",
"detectLabel": "string",
"detectorId": "string",
"duration": 0,
"events": [
{
"anomalyState": "ANOMALOUS",
"detectLabel": "string",
"detectorId": "string",
"detectorName": "x",
"event_annotations": {
"<property name>": "any"
},
"id": "string",
"incidentId": "string",
"inputs": [
{
"dimensions": {
"<property name>": "any"
},
"fragment": "string",
"value": 0
}
],
"severity": "Critical",
"timestamp": 1557484230000
}
],
"incidentId": "string",
"linkedTeams": [
"AbcdEf1ABCD",
"FO1Vq3ABXYZ"
],
"severity": "Critical"
}
Workflow Library Example
Get Incident with Splunk Observability and Send Results Via Email
Preview this Workflow on desktop