How It Works
You can create a sub-incident directly from an existing incident in the Rootly web interface.This is useful when multiple teams need to investigate different parts of a larger incident while keeping everything linked and coordinated.
Step 1 — Open the Sub-Incident Action
In any parent incident, click the ⋯ (More) menu next to the incident title or status.You will see Create Sub-Incident when:
- The incident is not already a sub-incident
- The incident is not a scheduled maintenance incident
- You have permission to create incidents
Step 2 — Complete the Sub-Incident Form
Selecting Create Sub-Incident opens the standard New Incident form.Rootly automatically injects a hidden
parent_incident_id, ensuring the new incident is created as a sub-incident.
You can customize:
- Summary
- Severity
- Impacted services & functionalities
- Roles, assignees, and metadata
- Any fields defined in Configuration → Forms & Fields
What Happens After Creation
Once saved:- The new incident becomes a sub-incident of the parent
- Its kind is automatically derived (e.g.,
normal_sub,scheduled_sub) - The parent incident displays a Sub-Incidents panel linking to all sub-incidents
Sub-incidents cannot themselves create further sub-incidents.
They represent the lowest level in an incident hierarchy.
They represent the lowest level in an incident hierarchy.
Optional: Attach an Existing Incident as a Sub-Incident
If you already have an incident you want to convert into a sub-incident:- Open the child incident
- Go to ⋯ → Attach to Parent Incident
- Choose a parent incident from the autocomplete search
- Save
- The incident is not already a sub-incident
- It has no sub-incidents of its own
- You have permission to create incidents
Best Practices
-
Use sub-incidents when multiple teams or domains are involved
Helps isolate workstreams while maintaining a unified parent incident. -
Keep naming clear and scoped
Example: “Database Failover Sub-Incident (SRE)” or “Authentication Latency (Identity Team)”. -
Enable workflows
Many teams auto-assign roles, create tasks, or spin up Slack channels for sub-incidents. -
Avoid unnecessary sub-incidents
If the effort is small or tightly scoped, keep work in the main incident. -
Review sub-incidents together during retrospectives
They provide excellent insight into how different teams contributed to resolution.
Troubleshooting
I don’t see the 'Create Sub-Incident' option
I don’t see the 'Create Sub-Incident' option
This usually occurs when:
- The incident is already a sub-incident
- The incident is a scheduled maintenance incident
- You lack create incident permissions
- Your team has feature restrictions
I can't attach an existing incident to a parent
I can't attach an existing incident to a parent
This happens if:
- The incident already has a parent
- It has its own sub-incidents (nested sub-incidents are not allowed)
- The incident was created as scheduled maintenance
- You don’t have adequate permissions
The wrong fields were inherited
The wrong fields were inherited
Inheritance varies depending on:
- Workflow automation
- Feature flags (e.g., parent/sub synchronization)
- Privacy rules
- Origin of creation (Slack vs Web)
Timeline syncing is not working
Timeline syncing is not working
Timeline sync requires:
enable_parent_and_sub_incident_syncfeature flagparent_to_sub_incident_syncenabled on the incident
Only non-internal timeline events sync across related incidents.