Note: Sift is currently in public preview. Grafana Labs offers support on a best-effort basis, and there might be breaking changes before the feature is generally available.
Sift is a powerful diagnostic assistant powered by Grafana Machine Learning that performs investigations on your infrastructure telemetry, helping you identify critical details during incidents.
Sift investigations can significantly enhance your incident resolution process within Grafana Incident. Use Sift to get valuable suggestions while working to resolve an active incident.
For more information about how Sift works and what checks are performed, refer to the Sift Machine Learning documentation.
Start a Sift investigation
Note: Sift investigations are currently focused on Kubernetes-centered stacks, and require a
namespaceto perform checks. Future versions will support any monitoring environment; let us know what you’d like to see in our grafana/incident-community repo.
There are currently two main ways to leverage Sift’s capabilities in Grafana Incident:
- Manually run a Sift investigation from an incident
- Add a dashboard to the incident timeline
Run a Sift investigation
Note: When a Sift investigation is triggered from within an incident, the
Timerangeis automatically set to the incident start time through the time the investigation is triggered.
To initiate a Sift investigation tailored to the incident, follow these steps:
- Navigate to Suggestions in the right sidebar of the incident timeline.
- Click Start Sift investigation.
- Add the
namespacethen click Start investigation.
Add dashboards to the incident timeline
When linking dashboards to an incident timeline, ensure they include
namespace references. Sift extracts these references and uses them for relevant investigations tied to the incident.
Manage Sift suggestions
Once your Sift checks are complete, the results are available in the right sidebar of the Incident timeline under Suggestions.
View Sift suggestions
When a Sift check identifies relevant results, clickable links appear in the right sidebar under Suggestions.
To review detailed insights about a specific Sift check, click the view details icon on the relevant suggestion to explore the results.
Add suggestions to the timeline
You can directly incorporate important Sift suggestions into the main timeline. This helps provide context and valuable information to other stakeholders and responders.
To add a suggestion to the timeline, click the + icon next to the relevant suggestion.
If a Sift suggestion is deemed irrelevant to the incident or resolution process, you can remove it from the suggestions list.
Click the trash can next to a suggestion to remove it from the list.