> ## Documentation Index
> Fetch the complete documentation index at: https://docs.incident.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Investigations

> Find the root cause of incidents faster, with evidence you can trust.

Investigations automatically work out what's going on during an incident, doing the legwork a responder normally would — faster, and across every source at once.

The moment an incident is declared, an investigation gathers context from across your stack: the alert and its stack trace, similar past incidents, Slack discussion and change events, your runbooks, recent code changes, and your telemetry. It forms a hypothesis and then tests it — reading your code and querying your dashboards to confirm or rule it out — and posts a root cause, the evidence behind it, and clear next steps into the incident channel within the first few minutes. Responders open the channel to a head start, not a blank page.

## What an investigation looks at

Investigations draw on context from across your stack, combining these sources into a single picture. The more you connect, the more grounded each investigation becomes.

<CardGroup cols={2}>
  <Card title="Past incidents" icon="https://mintcdn.com/incidentio-18bb4170/sRvzAk-yzIz8QOX3/icons/investigations.svg?fit=max&auto=format&n=sRvzAk-yzIz8QOX3&q=85&s=cf0971ce90cba6e9bee684c6deca9a51" href="/investigations/connect/past-incidents" width="40" height="40" data-path="icons/investigations.svg">
    Surface similar incidents from your history and the fixes that worked before.
  </Card>

  <Card title="Slack channels" icon="slack" href="/investigations/connect/slack">
    Pick up real-time context like deploys, config changes, and team discussion.
  </Card>

  <Card title="Change events" icon="clock-rotate-left" href="/investigations/connect/change-events">
    Correlate deploys, feature flags, and config changes against when the incident started.
  </Card>

  <Card title="Documentation" icon="book-open" href="/investigations/connect/documentation">
    Search your runbooks and reference docs from Confluence, Notion, GitHub, and GitLab.
  </Card>

  <Card title="Code repositories" icon="code" href="/investigations/connect/code/overview">
    Identify the pull request that caused an issue and trace errors through your code.
  </Card>

  <Card title="Telemetry" icon="database" href="/investigations/connect/telemetry/overview">
    Query the logs, metrics, traces, and dashboards your team already relies on.
  </Card>
</CardGroup>

And one source needs no setup: every investigation automatically checks whether [third-party dependencies](/investigations/third-party-dependencies) you rely on — AWS, GitHub, Stripe, and the like — were having an outage at the time.

## Where to go next

<CardGroup cols={2}>
  <Card title="Getting started" icon="rocket" href="/investigations/getting-started">
    Connect your sources and run your first investigation.
  </Card>

  <Card title="How investigations work" icon="magnifying-glass" href="/investigations/how-investigations-work">
    Understand the phases an investigation moves through and how it builds findings.
  </Card>

  <Card title="What we can see" icon="eye" href="/investigations/what-we-can-see">
    The context an investigation reads from inside your incident, from the conversation to call transcripts.
  </Card>

  <Card title="Measuring accuracy" icon="bullseye" href="/investigations/measuring-accuracy">
    How we grade investigations against what really caused your incidents, and use it to improve them.
  </Card>

  <Card title="Trust and safety" icon="shield" href="/investigations/trust-and-safety">
    How investigations stay under your control, auditable, and honest about what they know.
  </Card>

  <Card title="Triggering investigations" icon="wand-magic-sparkles" href="/investigations/triggering">
    Choose when investigations run — automatically, by condition, or on demand.
  </Card>

  <Card title="Connect your data" icon="server" href="/investigations/connect/overview">
    Set up each source, from telemetry providers to code repositories.
  </Card>
</CardGroup>

<Info>
  For details on how incident.io handles your data during AI processing, see our [AI privacy
  guidance](https://trust.incident.io/) in the Trust Center.
</Info>