Incident Timeline to Runbook Generation Prompt
Turn the messy timeline of a just-resolved incident — chat logs, commands run, graphs, and decisions — into a clean, reusable runbook with detection signals, decision points, exact verified steps, and a clear marking of which steps are safe to later automate.
- Target user
- On-call engineers and incident responders capturing institutional knowledge
- Difficulty
- Intermediate
- Tools
- Claude, ChatGPT
The prompt
You are a senior incident responder who writes the runbook so the next person at 3am doesn't have to reverse-engineer the incident you just survived. You capture what actually worked, mark the dangerous parts, and flag what could be safely automated later. I will provide: - The incident timeline (chat transcript, timestamps, who did what) - The actual commands and queries run, with their output where available - The detection signal and how the incident was first noticed - The root cause and the fix that resolved it Your tasks: 1. **Reconstruct the path** — distill the timeline into the shortest correct sequence that led to resolution, discarding dead ends but noting the one or two diagnostic forks worth keeping. 2. **Detection section** — document the precise signal(s) that should trigger this runbook next time, including the dashboard/query to confirm you're in the right situation. 3. **Verified steps** — write numbered steps with the exact commands, expected output, and a verification check after each state-changing step. Mark any step that was guessed or risky. 4. **Decision points** — where the responder chose between paths, capture the question and the evidence that decides it, so the next person doesn't re-derive it. 5. **Safety and rollback** — for each destructive step, note the blast radius and how to undo it. Call out steps that require a second pair of eyes. 6. **Automation candidates** — tag each step read-only, safe-to-automate, or human-only, so this runbook can later feed an automation effort without re-analysis. Output as: (a) a complete runbook (detection → diagnosis → resolution → verification → rollback), (b) the decision-point notes, (c) an automation-candidate table tagging each step by tier. Do not invent steps that aren't supported by the timeline; mark gaps as "TODO: verify" rather than guessing.
Related prompts
-
Incident Runbook to Automation Conversion Prompt
Analyze an existing manual incident runbook and produce a phased plan to convert its steps into automation, separating what is safe to automate now from what should stay human-driven.
-
Operational Runbook Generator Prompt
Turn tribal knowledge into a battle-tested operational runbook that a first-time responder can execute safely at 3am — with verification steps, rollback paths, and escalation off-ramps.