Skip to main content
Investigations automatically work out what’s going on during an incident, doing the legwork a responder normally would — faster, and across every source at once. The moment an incident is declared, an investigation gathers context from across your stack: the alert and its stack trace, similar past incidents, Slack discussion and change events, your runbooks, recent code changes, and your telemetry. It forms a hypothesis and then tests it — reading your code and querying your dashboards to confirm or rule it out — and posts a root cause, the evidence behind it, and clear next steps into the incident channel within the first few minutes. Responders open the channel to a head start, not a blank page.

What an investigation looks at

Investigations draw on context from across your stack, combining these sources into a single picture. The more you connect, the more grounded each investigation becomes.

Past incidents

Surface similar incidents from your history and the fixes that worked before.

Slack channels

Pick up real-time context like deploys, config changes, and team discussion.

Change events

Correlate deploys, feature flags, and config changes against when the incident started.

Documentation

Search your runbooks and reference docs from Confluence, Notion, GitHub, and GitLab.

Code repositories

Identify the pull request that caused an issue and trace errors through your code.

Telemetry

Query the logs, metrics, traces, and dashboards your team already relies on.
And one source needs no setup: every investigation automatically checks whether third-party dependencies you rely on — AWS, GitHub, Stripe, and the like — were having an outage at the time.

Where to go next

Getting started

Connect your sources and run your first investigation.

How investigations work

Understand the phases an investigation moves through and how it builds findings.

Triggering investigations

Choose when investigations run — automatically, by condition, or on demand.

Connect your data

Set up each source, from telemetry providers to code repositories.
For details on how incident.io handles your data during AI processing, see our AI privacy guidance in the Trust Center.