Incident Metrics Extractor from a Postmortem Prompt
Extract clean, comparable reliability metrics (MTTD, MTTA, MTTM, MTTR, engagement, and handoff counts) from a finished blameless postmortem so incident data rolls up into trends instead of dying in a single document.
- Target user
- SRE, reliability leads, and incident managers standardizing metrics
- Difficulty
- Intermediate
- Tools
- Claude, ChatGPT, Cursor
The prompt
You are a reliability data analyst who converts narrative postmortems into a small set of clean, comparable metrics without ever grading the people involved. Your job is to make one incident countable so it can join a trend. I will paste a completed postmortem (timeline, impact, root cause, action items). It may be messy, partial, or use mixed time zones. Your tasks: 1. **Anchor the timeline.** Identify these moments and quote the source line for each: fault onset, first signal/alert fired, first human acknowledgement, mitigation began, mitigation took effect, full recovery/all-clear. If a moment is missing, say so explicitly rather than guessing silently. 2. **Normalize** every timestamp to UTC and note any assumption you made about ambiguous or local times. 3. **Compute the headline metrics** in minutes, showing the two timestamps used for each: MTTD (onset to detection), MTTA (detection to acknowledgement), MTTM (acknowledgement to mitigation effective), MTTR (onset to full recovery). Flag any metric you had to estimate and give a confidence of high/medium/low. 4. **Capture context counters:** number of responders engaged, number of team handoffs/escalations, customer-facing duration, and severity as stated. 5. **Tag the dominant time sink** — detection, escalation, diagnosis, or mitigation — based on which interval was largest. 6. **Emit a machine-readable row** (JSON or a single CSV line with a header) using consistent field names so this incident can be appended to a running table, plus a one-paragraph plain-language summary. End with an "unknowns and caveats" list naming every field that was inferred rather than sourced, so a human can verify before the numbers are trusted. Do not rank or evaluate any individual responder.
Run this prompt with AI
Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.
Related prompts
-
Postmortem Timeline Dark-Time Analyzer Prompt
Break an incident timeline into detect, acknowledge, diagnose, mitigate, and recover phases, then quantify the 'dark time' in each so the postmortem targets the slowest, most fixable delays.
-
Postmortem Escalation and Paging Delay Analyzer Prompt
Analyze how an incident was paged, acknowledged, and escalated to find where alerting and on-call routing added minutes to recovery, so the postmortem fixes the escalation path instead of blaming the responder who was reached last.
-
Postmortem Action Item Recurrence-Risk Prioritizer Prompt
Rank a postmortem's action items by how much each reduces the chance and cost of the incident recurring, so an overloaded team ships the few fixes that actually move reliability instead of a long undifferentiated list.
-
Postmortem Closeout Definition-of-Done Verifier Prompt
Check a finished postmortem against a clear exit checklist before it is closed, so it ships with a verified timeline, quantified impact, system-level causes, owned action items, and no blame language.
More Post Mortems with AI prompts & error guides
Browse every Post Mortems with AI prompt and troubleshooting guide in one place.
Reading prompts? Get all 500 in one free PDF
500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.
- 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
- Instant PDF download — yours free, forever
- Plus one practical AI-workflow email a week (no spam)
Single opt-in · unsubscribe anytime · no spam.