Create and manage cases

Applies to: Serverless Observability, Stack

Open a new Observability case to keep track of issues and share the details with colleagues. You can create and manage cases using the cases UI.

Requirements

To access and send cases to external systems, you need the appropriate subscription, and your role must have the required Kibana feature privileges. Refer to Configure access to cases in Elastic Observability for more information.

For Observability projects, you need the appropriate feature tier, and you must have the Editor role or higher to create and manage cases. To learn more, refer to Assign user roles and privileges.

To create a case:

  1. Find Cases in the main menu or use the global search field.

  2. Click Create case.

  3. (Optional; preview in Stack and Serverless) If you defined templates, select one to use its default field values.

  4. Give the case a name, severity, and description.

    Tip

    In the Description, you can use Markdown syntax to format text.

  5. (Optional) Add a category, assignees, and tags.

    You can add users only if they meet the necessary prerequisites.

    You can add users who are assigned the Editor user role (or a more permissive role) for the project.

  6. If you defined custom fields, they appear in the Additional fields section.

  7. (Optional) Under External Connector Fields, you can select a connector to send cases to an external system. If you’ve created any connectors previously, they will be listed here. If there are no connectors listed, you can create one. For more information, refer to External incident management systems.

    Note (Stack, planned)

    When specifying Additional fields for an IBM Resilient connector, fields that are set when an incident is created or changed (for example, an incident is closed) won't display as an option.

  8. After you’ve completed all of the required fields, click Create case.

Tip

You can also create a case from an alert or add an alert to an existing case. From the Alerts page, click the More options icon and choose either Add to existing case or Create new case, and select or complete the details as required.

After you create a case, you can upload and manage files on the Files tab. To find the tab:

  • Stack (planned): Go to the case's details page, then select the Attachments tab.
  • Stack 9.0.0: Go to the case's details page.

To download or delete the file or copy the file hash to your clipboard, open the action menu. The available hash functions are MD5, SHA-1, and SHA-256.

When you upload a file, a comment is added to the case activity log. To view an image, click its name in the activity or file list.

Note

Uploaded files are also accessible from the Files management page, which you can find using the navigation menu or entering Files into the global search field.

Important

When you export cases as saved objects, the attached case files are not exported.

To send a case to an external system, click the push button in the External incident management system section of the individual case page. This information is not sent automatically. If you make further changes to the shared case fields, you should push the case again.

For more information about configuring connections to external incident management systems, refer to Configure case settings for Elastic Observability.

You can search existing cases and filter them by attributes such as assignees, categories, severity, status, and tags. You can also select multiple cases and use bulk actions to delete cases or change their attributes.

(Stack, planned) To find cases that were created during a specific time range, use the date time picker above the Cases table. The default time selection is the last 30 days. Clicking Show all cases displays every Observability case in your space. The action also adjusts the starting time range to the date when the first case was created.

To view a case, click on its name. You can then:

  • Add and edit the case's description, comments, assignees, tags, status, severity, and category.
  • Add a connector (if you did not select one while creating the case).
  • Send updates to external systems (if external connections are configured).
  • Refresh the case to retrieve the latest updates.
  • Add and manage the following items:
    • Alerts
    • Files