Skip to main content
Investigations automatically work out what’s going on during an incident, doing the legwork a responder normally would — faster, and across every source at once. The moment an incident is declared, an investigation gathers context from across your stack: the alert and its stack trace, similar past incidents, Slack discussion and change events, your runbooks, recent code changes, and your telemetry. It forms a hypothesis and then tests it — reading your code and querying your dashboards to confirm or rule it out — and posts a root cause, the evidence behind it, and clear next steps into the incident channel within the first few minutes. Responders open the channel to a head start, not a blank page.

What an investigation looks at

Investigations draw on context from across your stack, combining these sources into a single picture. The more you connect, the more grounded each investigation becomes.
https://mintcdn.com/incidentio-18bb4170/sRvzAk-yzIz8QOX3/icons/investigations.svg?fit=max&auto=format&n=sRvzAk-yzIz8QOX3&q=85&s=cf0971ce90cba6e9bee684c6deca9a51

Past incidents

Surface similar incidents from your history and the fixes that worked before.

Slack channels

Pick up real-time context like deploys, config changes, and team discussion.

Change events

Correlate deploys, feature flags, and config changes against when the incident started.

Documentation

Search your runbooks and reference docs from Confluence, Notion, GitHub, and GitLab.

Code repositories

Identify the pull request that caused an issue and trace errors through your code.

Telemetry

Query the logs, metrics, traces, and dashboards your team already relies on.
And one source needs no setup: every investigation automatically checks whether third-party dependencies you rely on — AWS, GitHub, Stripe, and the like — were having an outage at the time.

Where to go next

Getting started

Connect your sources and run your first investigation.

How investigations work

Understand the phases an investigation moves through and how it builds findings.

What we can see

The context an investigation reads from inside your incident, from the conversation to call transcripts.

Measuring accuracy

How we grade investigations against what really caused your incidents, and use it to improve them.

Trust and safety

How investigations stay under your control, auditable, and honest about what they know.

Triggering investigations

Choose when investigations run — automatically, by condition, or on demand.

Connect your data

Set up each source, from telemetry providers to code repositories.
For details on how incident.io handles your data during AI processing, see our AI privacy guidance in the Trust Center.