Incident Clustering
  • 21 May 2025

Copilot integrates Generative AI with advanced Incident Clustering techniques to help IT teams move from reactive problem-solving to proactive incident management. Using machine learning algorithms and large language models (LLMs), Copilot automatically categorizes and clusters incidents based on similarities in symptoms, descriptions, priorities, and patterns, giving you a clear, visual overview.

Incident Clustering visually groups related incidents using an interactive bubble chart. Each bubble (or “cluster”) contains incidents that share a common symptom.

This view helps analysts:

  • Quickly identify recurring issues or potential problems

  • Spot emerging major incidents early

  • Prioritize critical (P1) incidents with visual indicators

  • Improve resolution time through better context and insight

With color-coded visualizations, symptom filters, and tooltip-based insights, Incident Clustering makes it easy to understand complex data at a glance.

Incident Clustering

Copilot leverages advanced machine learning techniques, algorithms, and large language models to categorize incident data into clusters based on similarities in symptoms, descriptions, priority levels, and other parameters. This proactive approach helps you identify potential problems, potential major incidents, major incidents and other priority 1 incidents.

To view the Incident Cluster, perform the following steps:

  1. Navigate to Incidents > Manage Incidents from the left menu. The list of Incidents is displayed.

  2. Click the Incident Clustering button at the top of the list.

    Figure: Incident Clustering button

  3. A cluster of all the Incidents is displayed in the form of bubbles.

    Figure: Incident Cluster

Details about Incident Cluster

Incidents are presented in a circular shape. The outer circle provides details about the common symptom that the Incidents share, and the inner circle provides details about each Incident.

Outer Circle

Each bubble in the Incident Cluster contains Incidents with a similar Symptom. The outer circle of a bubble represents the common Incident symptom. When you hover over the outer bubble, the tooltip displays the common Incident symptom of the Incidents contained in that bubble.

Figure: Outer circle tooltip in bubble

Note

Outer Circle (Cluster Symptom): Shows the shared symptom among incidents in a cluster. Hover to view the common symptom.

Inner Circle

Each inner circle in a bubble represents an Incident. When you hover over any inner bubble, the tooltip displays details about that Incident (Ticket ID, Symptom, Description). Refer to the screenshot below:

Figure: Inner circle tooltip in bubble

Note

Clicking the inner circle of a bubble opens that particular Incident record in a new tab. Clicking the outer circle of a bubble opens the list page of all Incidents with the same Incident symptom.

Inner Circles (Individual Incidents): Each represents an individual ticket. Hover for details like Ticket ID, Symptom, and Description.

The Incident Cluster screen lists all the Incident symptoms, with their color codes, on the left side of the screen.

Figure: Incident symptoms list

Filter Incident Cluster

To filter Incidents in the Incident Cluster, perform the following steps:

  1. Filter the Incident Cluster by clicking a particular Incident symptom in the list on the left side. This strikes off the Incident symptom from the list, and the bubble for that Incident symptom is removed from the cluster.

    Figure: Filter Incident cluster

  2. Click the vertical ellipsis to view and act on different options within the Incident Cluster.

    Figure: Image actions

    The following options are available to act on the Cluster.

    Field                        Description
    View in full screen          Select to view the Incident Cluster in full screen.
    Print Chart                  Select to print the Incident Clustering chart.
    Download PNG Image           Select to download the image in PNG format.
    Download JPEG Image          Select to download the image in JPEG format.
    Download PDF Document        Select to download the image as a PDF document.
    Download SVG vector image    Select to download the image as an SVG vector image.

Priority 1 (P1) Incidents

The inner bubbles are color coded to denote the priority levels. All Incidents with P1 priority are highlighted with a red circular border. The Incident Cluster chart includes an indicator for P1 incidents at the bottom, marked with a red highlight border.

Figure: Incidents P1 Indicator

Potential Major Incidents

Incident Cluster highlights potential major incidents in an orange bubble under the following conditions:

  • If there are more than three Priority 2 Incidents of the same category, and

  • If there are Incidents related to system crash, slow performance, or data loss.

The Potential Major Incidents are also marked in the left side list, with details shown in brackets. This helps in prioritizing critical issues, understanding the scope and impact of incidents, and making informed decisions for effective incident management and resolution. Refer to the sample screenshot below:

Figure: Potential Major Incidents

When you hover over the orange bubble, the tooltip displays the following information.

Figure: Potential Major Incidents - tooltip

Potential Problem Detected

Incident Cluster detects Potential Problems if there are three Incidents grouped under the same category, and highlights them with a semi-transparent red bubble.

Figure: Potential Problem Detected

When you hover over the red bubble, the tooltip displays details about the Potential Problem Detected along with the Incident symptom.

Figure: Potential Problem Detected - red bubble
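
The flagging rules from the Priority 1, Potential Major Incidents, and Potential Problem Detected sections can be reproduced over exported ticket data to sanity-check what the chart shows. The following is an added example, not Copilot's own code. It assumes hypothetical field names (`id`, `category`, `priority`, `description`), substring matching for the impact terms, "three" read as three or more, and that the major-incident flag takes precedence.

```python
from collections import defaultdict

# Thresholds and impact terms come from the page; field names, substring
# matching and "three or more" are assumptions made for this sketch.
IMPACT_TERMS = ("system crash", "slow performance", "data loss")

def classify_clusters(incidents):
    """Map each category to potential_major, potential_problem or normal."""
    groups = defaultdict(list)
    for inc in incidents:
        groups[inc["category"]].append(inc)
    flags = {}
    for category, group in groups.items():
        p2_count = sum(1 for i in group if i["priority"] == 2)
        has_impact = any(t in i["description"].lower()
                         for i in group for t in IMPACT_TERMS)
        if p2_count > 3 and has_impact:        # both conditions must hold
            flags[category] = "potential_major"
        elif len(group) >= 3:                  # assumed: three or more
            flags[category] = "potential_problem"
        else:
            flags[category] = "normal"
    return flags

def p1_tickets(incidents):
    """Ticket IDs that would get the red P1 border."""
    return sorted(i["id"] for i in incidents if i["priority"] == 1)

def _inc(ticket_id, category, priority, description):
    return {"id": ticket_id, "category": category,
            "priority": priority, "description": description}

# Constructed sample data, not real tickets.
SAMPLE = (
    [_inc(f"INC10{n}", "Database", 2, "Query timeout") for n in range(3)]
    + [_inc("INC103", "Database", 2, "Data loss after failover")]
    + [_inc(f"INC20{n}", "Email", 2, "Mailbox sync delayed") for n in range(4)]
    + [_inc(f"INC30{n}", "VPN", 3, "Cannot connect") for n in range(3)]
    + [_inc("INC400", "Printer", 1, "Printer offline")]
)

if __name__ == "__main__":
    print(classify_clusters(SAMPLE))
    print(p1_tickets(SAMPLE))
```

In the sample, the Email category has four P2 tickets but no impact term, so it is flagged only as a potential problem, which shows why both major-incident conditions have to be checked together.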

Major Incidents

Incident Cluster flags a ticket with the Major Incident flag. Flagging a Major Incident in the Incident Cluster provides a clear and immediate overview of critical issues within the context of all incidents. This helps prioritize response efforts and streamline communication among support teams. Additionally, it offers a comprehensive understanding of the incident landscape, enabling faster resolution of high-impact problems and minimizing downtime.

