Incident Detail
The Incident Detail page shows everything recorded when an incident was opened: the type, timeline, root cause, and the exact monitor configuration that was active at the time.
Accessing the Page
Click Details on any row in the Incident History page, or navigate to /monitoring/incidents/{incident_id}.
Incident Overview
The top section shows:
| Field | Description |
|---|---|
| Type | Category: Downtime, Defacement, or SSL Expiry |
| State | Open or Resolved |
| Started at | Date and time the incident was opened |
| Resolved at | Date and time the incident closed (absent if still open) |
| Duration | Time between opening and resolution (absent if still open) |
Root Cause
The root cause field contains the message generated by the check that triggered the incident. Examples:
HTTP Error: 503— the server returned a non-2xx responseMissing required keywords: "checkout", "login"— positive keywords were not foundFound forbidden keywords: "hacked"— a negative keyword matchedCertificate expires in 6 days (Critical)— SSL certificate approaching expirySSL Error: :connection_refused— the SSL handshake failed
Monitor Snapshot
The monitor snapshot records the configuration values that were active when the incident was opened: URL, method, keywords, interval, and other settings. This lets you audit what rules were in effect even if the monitor has since been updated.
Navigation
Use the sub-navigation bar to move between the monitor's Detail, Daily Metrics, Technical Logs, and Incidents pages.