> For the complete documentation index, see [llms.txt](https://docs.ilert.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.ilert.com/incidents-and-status-pages/incidents/declare-an-incident.md). # Declare an incident There are two ways to declare an [incident](/incidents-and-status-pages/incidents.md): from scratch, or from an existing alert. Either way, the incident starts in the **Declared** status and you can begin coordinating immediately. ## Declare an incident from scratch Declare an incident from scratch when the issue is not tied to an alert—for example a customer-reported problem, a third-party outage, a security event, or a response exercise. {% stepper %} {% step %} #### Open the declare dialog Go to **Incidents** in the main navigation and click **Declare incident**. {% endstep %} {% step %} #### Fill in the incident details
The Declare incident dialog

Declaring an incident from scratch

| Field | Required | Description | | --------------------------- | -------- | ---------------------------------------------------------------------------------------------------------------- | | **Title** | Yes | A short, internal description of what is happening. It is never shown publicly. | | **Severity** | Yes | The [business impact](/incidents-and-status-pages/incidents.md#severity) of the incident. Defaults to **SEV3**. | | **Summary** | No | What is known so far and what is affected. You can draft it with the ilert AI button. | | **Affected services** | No | The [services](/incidents-and-status-pages/services.md) impacted by the incident, each with an impact level. | | **Create incident channel** | No | Connect a [chat channel](/incidents-and-status-pages/incidents/incident-channels.md) for real-time coordination. | | {% endstep %} | | | {% step %} #### Declare the incident Click **Declare incident**. The incident is created and opens in the [incident view](/incidents-and-status-pages/incidents.md#the-incident-view), ready for you to page responders and track the response. {% endstep %} {% endstepper %} ## Declare an incident from an alert When an alert reveals an issue that needs coordinated response, declare an incident directly from it. Open the alert and click **Declare incident**.
Declaring an incident from an alert

Declaring an incident from an alert

The dialog is pre-filled from the alert so you can declare in seconds: * The **title** is taken from the alert title. * The **summary** is generated from the alert details. * **Affected services** are pre-selected from the alert's related services—you set the impact level for each. * The alert is **linked** to the incident, and its responders are added to the incident. If the alert has an escalation in progress, that escalation continues on the incident, so the people already being paged are not lost. ## Linking alerts to an incident Linking tells ilert which alerts contributed to an incident. It keeps the noise of individual alerts out of the way while the incident becomes the single place to coordinate. The alert you declare an incident from is linked automatically. To link more alerts, open the incident and click **Link alert** in the **Linked alerts** section. When an alert is linked to an incident: * the alert's status changes to **Linked**; * its escalation stops—the incident now owns the response; * its responders are added to the incident; * it resolves automatically when the incident is resolved. {% hint style="info" %} An alert can be linked to only one incident at a time. {% endhint %} ### Unlinking an alert If an alert was linked by mistake, open the incident and click **Unlink** next to it. The alert returns to the **Accepted** status. Its escalation does **not** resume automatically—if the alert still needs attention, re-trigger escalation on the alert. ## Affected services and impact levels Affected services record which business capabilities an incident is impacting, each with an [impact level](/incidents-and-status-pages/services.md) such as *Degraded* or *Major outage*. Setting or changing affected services on an incident updates ilert **internally**—it is reflected on internal dashboards and on the incident itself. It does **not** change anything your customers see. {% hint style="info" %} The public status of a service changes only when you [post a status update](/incidents-and-status-pages/status-updates.md). This keeps you in control of what is communicated, and when. {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ilert.com/incidents-and-status-pages/incidents/declare-an-incident.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.