An incident in BigPanda consists of correlated alerts that require attention, such as an outage, performance issue, or service degradation.
As raw data is ingested into BigPanda from integrated tools, the platform correlates related alerts into high-level incidents. Incidents in BigPanda provide context to issues and enable teams to identify, triage, and respond to problems quickly before they become severe.
BigPanda consolidates event data from various sources into a single pane of glass for insights into multi-source incident alerts and the IT environment’s overall health. This enables ITOps, incident management, and SRE teams to investigate and analyze incidents, determine their root cause, and take action easily—all from one screen.
The lifecycle of an incident is defined by the lifecycle of the alerts it contains. An incident remains active if at least one of the alerts is active. BigPanda automatically resolves an incident when all its related alerts are resolved and reopens an incident when a related resolved alert becomes active again.
This section reviews the incident volume, the ratio of alerts correlated into incidents, the ratio of events compressed into incidents, and the environments per organization.
Key incident highlights:
This section reviews the annual incident volume, the annual incident volume by industry, and the daily incident volume for the organizations included in this report.
BigPanda generated nearly 132 million incidents in 2024, or over 131 million incidents per year after filtering out the five event outliers. The median was 177,949 incidents per year per organization.
of organizations experienced 250K+ incidents per year
Annual incident volume (n=125)
Looking at the median annual incident volume per organization by industry, the data showed that:
Comparing the median to the mean (average) shows that:
Median and average annual incident volume per organization by industry (n=125)
The median daily incident volume was 545 incidents per day. After excluding the 3% of organizations with more than 25,000 incidents per day (outliers), the median barely shifted (from 545 to 494), reinforcing that most organizations remain in the low-to-medium range.
of organizations experienced 500+ incidents per day
Daily incident volume (n=125)
Alert correlation, also known as event correlation, uses correlation patterns to consolidate alerts from external observability and monitoring tools, significantly reducing alert noise and giving teams actionable insights to resolve incidents before they become outages. The alert-to-incident correlation rate is the percentage of alerts correlated into incidents.
A healthy alert-to-incident correlation rate falls in the 40–75% range. A rate under 40% usually leaves correlation opportunities on the table; a rate over 75% usually means too much correlation. It’s a delicate balance.
The median alert-to-incident correlation rate was 67%.
of organizations had a healthy alert correlation rate (40–75%)
Alert-to-incident compression rate compared to median event volume (n=125)
The data show that alert volume alone does not determine correlation efficiency. Still, there’s a mild tendency for organizations with a high volume of alerts to achieve better correlation, likely due to operational scale.
The incident compression rate, sometimes called just compression or compression rate, is the percentage of events compressed into incidents (event-to-incident compression rate).
The event-to-incident compression rate ranged from 70.9% to 99.9%, and the median was 97.3%.
of organizations achieved a strong incident compression rate (95+%)
Event-to-incident compression rate compared to median event volume (n=125)
The median event volume did not always correlate with the compression rate range. For example, organizations in the 97.5–98.4% range compressed more efficiently than those in the 95–97.4% range, yet had a slightly lower event volume. This implies that compression quality is not solely a function of volume; configuration and filtering are likely key drivers.
In BigPanda, an environment is a configurable view of the IT infrastructure that helps teams focus on specific incident-related information.
Environments filter incidents on properties, such as source and priority, and group them for improved visibility, automation, and action. They are customizable and make it easy for teams to focus on incidents relevant to their role and responsibilities, including filtering the incident feed, creating live dashboards, setting up sharing rules, and simplifying incident searches.
Excluding the five outliers, the median number of environments per organization was 58.
of organizations had 50+ environments
Number of environments per organization (n=125)