The incident is resolved. Now comes the harder part: preparing the evidence for the postmortem.
Instead of manually jumping between dashboards, logs, traces, and alerts, ask your AI assistant, connected to SigNoz through the MCP server, to compile the full evidence pack.
Prerequisites
- Connect your AI assistant to SigNoz using the MCP Server guide. - Make sure your services are instrumented with distributed tracing. See Instrument Your Applicationif you haven't set this up.
Compile the Incident Timeline
Ask your AI assistant to compile a complete evidence pack for the incident window:
Compile an incident timeline for yesterday 14:00-16:00 UTC: alert transitions, metric inflection points, representative errors, and the trace that best captures the failure path.
Your assistant will analyze alert history, metrics, logs, and traces to build a comprehensive timeline.
This evidence pack gives you everything you need for the postmortem: precise timing of alert transitions, correlated metric changes, the error pattern with selector criteria, and a representative trace showing the full failure path.
Final Summary
Instead of manually reconstructing the incident from scattered alerts, dashboards, and trace searches, you asked your AI assistant for a complete evidence pack. In one query, you received:
Alert timeline: 9 payment flaps, 10 checkout flaps, correlated within minutes** Root cause signature**: Payment rejection forapp.loyalty.level=gold
users onlyQuantified impact: 30-41 checkout errors during peak buckets, P99 latency climbing from 2.8s → 4.3s** Representative trace**: Full span tree showing the exact failure path from payment → checkout → frontend
You now have everything needed for the postmortem doc to share with the team.
Under the Hood
During this workflow, the MCP server called these tools:
| Step | MCP Tool | What It Did |
|---|---|---|
| 1 | signoz_get_alert_history |
Fetched alert state transitions during the incident window |
| 1 | signoz_query_metrics |
Identified metric inflection points (error rate, latency, saturation) |
| 1 | signoz_search_logs |
Retrieved representative error log events from the incident window |
| 1 | signoz_search_traces |
Searched for anomalous traces during the failure period |
| 1 | signoz_get_trace_details |
Fetched full span breakdown for the trace that best captures the failure path |
Related Use Cases
Alert Correlation Analysis- When multiple services alert simultaneously, identify whether it's a cascade from one failure or separate incidents.On-Call Handoff Brief- Generate a handoff summary of recent incidents and ongoing issues for the next on-call engineer.Error Rate Spike Explainer- Investigate where errors originate in the call chain when a single service starts failing.
If you need help with the steps in this topic, please reach out to us on SigNoz Community Slack. If you are a SigNoz Cloud user, please use in product chat support located at the bottom right corner of your SigNoz instance or contact us at cloud-support@signoz.io.