Postmortem Evidence Pack

SigNoz announced a new AI-powered feature that compiles postmortem evidence packs from alerts, metrics, logs, and traces via an MCP server integration, enabling engineers to reconstruct incident timelines with a single query. The tool automatically generates alert timelines, root cause signatures, quantified impact, and representative traces to streamline incident analysis.

The incident is resolved. Now comes the harder part: preparing the evidence for the postmortem. Instead of manually jumping between dashboards, logs, traces, and alerts, ask your AI assistant, connected to SigNoz through the MCP server, to compile the full evidence pack. Prerequisites - Connect your AI assistant to SigNoz using the MCP Server guide https://signoz.io/docs/ai/signoz-mcp-server/ . - Make sure your services are instrumented with distributed tracing. See Instrument Your Application https://signoz.io/docs/instrumentation/ if you haven't set this up. Compile the Incident Timeline Ask your AI assistant to compile a complete evidence pack for the incident window: Compile an incident timeline for yesterday 14:00-16:00 UTC: alert transitions, metric inflection points, representative errors, and the trace that best captures the failure path. Your assistant will analyze alert history, metrics, logs, and traces to build a comprehensive timeline. This evidence pack gives you everything you need for the postmortem: precise timing of alert transitions, correlated metric changes, the error pattern with selector criteria, and a representative trace showing the full failure path. Final Summary Instead of manually reconstructing the incident from scattered alerts, dashboards, and trace searches, you asked your AI assistant for a complete evidence pack. In one query, you received: Alert timeline : 9 payment flaps, 10 checkout flaps, correlated within minutes Root cause signature : Payment rejection for app.loyalty.level=gold users only Quantified impact : 30-41 checkout errors during peak buckets, P99 latency climbing from 2.8s → 4.3s Representative trace : Full span tree showing the exact failure path from payment → checkout → frontend You now have everything needed for the postmortem doc to share with the team. Under the Hood Under the Hood under-the-hood During this workflow, the MCP server called these tools: | Step | MCP Tool | What It Did | |---|---|---| | 1 | signoz get alert history | Fetched alert state transitions during the incident window | | 1 | signoz query metrics | Identified metric inflection points error rate, latency, saturation | | 1 | signoz search logs | Retrieved representative error log events from the incident window | | 1 | signoz search traces | Searched for anomalous traces during the failure period | | 1 | signoz get trace details | Fetched full span breakdown for the trace that best captures the failure path | Related Use Cases Alert Correlation Analysis https://signoz.io/docs/ai/use-cases/alert-correlation-analysis/ - When multiple services alert simultaneously, identify whether it's a cascade from one failure or separate incidents. On-Call Handoff Brief https://signoz.io/docs/ai/use-cases/oncall-handoff-brief/ - Generate a handoff summary of recent incidents and ongoing issues for the next on-call engineer. Error Rate Spike Explainer https://signoz.io/docs/ai/use-cases/error-rate-spike-explainer/ - Investigate where errors originate in the call chain when a single service starts failing. If you need help with the steps in this topic, please reach out to us on SigNoz Community Slack https://signoz.io/slack/ . If you are a SigNoz Cloud user, please use in product chat support located at the bottom right corner of your SigNoz instance or contact us at cloud-support@signoz.io mailto:cloud-support@signoz.io .