Documentation forSolarWinds Service Desk

Service Level Management

You define service targets using SWSD's Service Level Management feature. By establishing service level agreements (SLAs), you can monitor, alert, and report on missed SLA targets.

Create a new SLA

SolarWinds recommends that before you begin creating a new SLA, make sure you understand how SWSD calculates SLAs. See Calculating SLAs for more information.
  1. Navigate to Setup > Service Desk > Service Level Management.

  2. In the All SLAs index page, click Add in the upper right.

  3. In the Add New Rule dialog, define your new SLA rule by completing the fields as described in SLA Rule Fields below.

  4. After configuring all the SLA rule fields, click Create.

SLA Rule Fields


Create a name that indicates the service level for internal service providers. To help with reporting, ensure the name is unique from other SLA names.

Define Target

Define the operations you expect your service agents to perform within an allotted period of time.

The targets include:

  • Not assigned
  • Not commented
  • Not resolved
  • No actions taken
  • No state change 

In addition to defining a target, you can set the SLA to follow your organization’s business hours by selecting Use Business Hours.

You can also elect to suspend the SLA timer during certain states of inactivity. For example, if an incident is in the Awaiting Customer Input state, you may not want that incident to breach the SLA.

Set Timer Indication Threshold

In an SLA, you can configure the Set Timer Indication Threshold settings to warn you before an upcoming breach. The Initial Pre-Breach Indication setting ensures you have sufficient time to address the incident prior to a breach. The Final Pre-Breach Indication setting reflects the actual business time before a breach occurs (based on the site or account).

Configure both indicators to warn you based on the number of days prior to the breach.

  1. Click the on/off toggle to On.

  2. For each type of indication your organization decides to use, click the dropdown menus and select minutes, hours, or days.

  3. Enter the number of minutes, hours, or days.

Certain factors can influence the report outcomes—for example, the time zone of the incident and the work hours. SWSD focuses on the time zone according to the incident site. If a site is not associated with the incident, SWSD will use the default time zone established for your organization.

Examples of factors that can influence report outcomes

Case 1: Sites with different business hours

Incident A within site 123 has an SLA with regular business hours set to Mon-Fri 8:00-17:00. Incident B within site 456 has an SLA with no defined business hours, or it has all-day marked for all days. If both breach at about one day, Incident A will show nine hours, and Incident B will show 24 hours.

A very small change in breach time can cause the sort to be 24h (for B) and 9h (for A).

The sort is still accurate, but it is important to take these details into account.

The sort is still accurate, but it is important to take these details into account.

Case 2: Incidents with different time zones

Incident A is within a site using a USA time zone. The breach will be reflected in the beginning of the next work day. Incident B has no selected site. It will use Jerusalem (the default account time zone) and breach in three hours.

If it is 9AM in Israel, the sort will be B, A because B will breach first. But the display will be out of order--for example, B (3h) and A (0m).

This sort is accurate. Take time to understand these cases to determine how to best proceed in resolving incidents and avoid SLA breaches.

Define Scope

Here you define whether the SLA applies to all, incidents only, or service requests only. You can also define the category and subcategory.

After you determine the target, configure your SLA rules by refining specific filters. This helps you provide varying service levels as they pertain to different internal service providers and priorities.

You can scope the filters to the following options:

  • Incident / Service Request
  • Category
  • Priority
  • Site
  • Department
  • Requester
Create an SLA rule once and define category and subcategory by using a multi-picklist. This allows you to apply the same rule to multiple category/subcategory combinations.

Set Action

An action defines the priority and assignee, allowing you to send a notification to a specific user prior to an SLA breach. For example, you can click the dropdown menu and select the option to include a notification to the assignee's manager and the manager's manager.

Setting an action helps you define automatic actions to deploy if the target is breached.

You can define one or multiple actions, which include:

  • Change priority
  • Re-assign incident
  • Send notification to
  • Add Tags

Deleting an SLA

Some customers have created new SLAs that combine what was previously multiple SLAs.

To avoid losing all historical data associated with the old SLAs, do not delete them. Instead, modify your reporting practice and report only on the new SLAs.

SolarWinds recommends keeping all SLAs and not deleting any. Deleting SLAs results in the loss of historical data.

Calculating SLAs

The examples below can help you understand how SLA hours are calculated to meet your company goals.

  • The SLA timer starts at incident creation.

  • The SLA work day is measured by average business hours. If you provide support three days a week at 8 hours/day and two days a week at 6 hours/day, an SLA measured by business hours equals 7.2 hours/day.

  • If your business hours are set to 7 am - 5 pm Sunday through Friday, the average business day is 10 hours and excludes weekends. If a ticket is created at 9:30 am on Friday, October 8, with an SLA of one business day, the ticket will not breach until 9:30 am on Monday, October 11. That's because October 9 and 10 fall on Saturday and Sunday, and they are not business days.

The time zone for SLA compliance is set by the incident site. If there is no site, SWSD looks at the organization's default time zone. See Organization & Sites for more information.

Updated and/or newly created incidents do not automatically get updated with a newly defined SLA. That is, as you define new SLAs, they will only be relevant to incidents created after the SLA is defined.

All SLAs index page

After you create the SLAs for your organization, you can view them in the All SLAs Index page. You can also customize your view.

Default view options

Default view options include:

  • Edit
  • Rename
  • Share
  • Save Changes
  • Save as New
  • Set as Default
  • Delete View

Customize view

  1. Click Edit View under All SLAs in the upper left.

  2. In the Edit View pane on the left, select the edit type from the tabs.

    • Filter tab. You can select an attribute and provide a value to filter by. You can also add more attributes. Filtering options include:
      • All SLAs (Default)
      • No actions taken
      • Not assigned
      • Not commented
      • Not resolved
    • Columns tab. Select the columns to include in your view. Column options include:
      • Name
      • Target
      • Scope
      • Action
      • Pre-Breach Thresholds
    • Sorting tab. Select a field to sort by and the sorting direction for that field.

SLA breaches

Breaches display on the All Open Incidents index page.

The SLA Breaches and Next Breach columns show color-coded timers for each incident.

  • Green Timer. Reflects an incident that has not met the pre-breach criteria.

  • Orange Timer. Reflects an incident that is past the initial pre-breach indicator, but has not reached the final pre-breach indicator. 

  • Red Timer. Reflects an incident that risks breaching the pre-determined SLAs.

If you have set multiple breach times, the Next Breach timer reflects 1 upcoming breach. You can click it to see more details with up to 3 upcoming breaches.

By setting the thresholds as described above, the indicators keep your teams better informed prior to any breach of SLAs. They also provide ample time to perform the necessary actions to resolve any issues and prevent a breach. Using the Incident Index page, agents can sort their queues based on which tickets will breach next. This helps them prioritize the tickets and reduce breached incidents, ensuring that your VIP cases receive your services within the agreed-upon time frames.

Multiple thresholds

You can set different thresholds based on the importance of the specific SLA. For example, you might need two similar Not Resolved SLAs: One for VIP users, the other for the general public.

In both cases, the SLA will be breached after three days. For the VIP case, you have included an additional trigger to escalate to the IT manager. As a result, in the VIP SLA, you can set the initial threshold indicator to alert at two days prior to breach and the final threshold indicator to one day. For the general public SLA, you can set it with the initial indicator threshold at one day and the final indicator threshold at five hours prior to breach. 

Unexpected breach after recategorizing incident

Recategorizing an incident does not restart the timer, therefore, the breach date/time will not change. For example, an incident using the hardware category is saved during morning business hours on Monday. The breach is scheduled to occur three business days later on Thursday morning. During business hours on Tuesday the category is updated to software. After the update, the breach will still occur on Thursday morning because the timer starts when the incident is created and does not change when it is updated. This applies to any SLA where a change to the incident affects the SLA.

Send a pre-breach notification

The pre-breach indicator does not currently send a notification. As a workaround, consider creating an automation rule. See Automation Rules for more information.

Be aware: Business hours do not apply to automation rules. A pre-breach notification configured with automation rules may not meet your organization's needs. SolarWinds recommends you test thoroughly.

Related Topics

Business Hours