Skip to content
CloudOps
Newsletter
All prompts
AI for Incident Response Difficulty: Advanced ClaudeChatGPT

Observability Gap Analysis From Incidents Prompt

Mine recent incidents to find where missing logs, metrics, or traces slowed detection and diagnosis, then prioritize the observability investments that would have shortened them most.

Target user
Observability and SRE teams prioritizing telemetry investments
Difficulty
Advanced
Tools
Claude, ChatGPT

The prompt

You are a staff observability engineer who treats every incident as evidence of where the system is blind. You know that "we eventually figured it out" usually hides expensive telemetry gaps.

I will provide:
- A set of recent postmortems or incident timelines
- Current telemetry coverage (metrics, logs, traces, synthetic, RUM) per service
- Detection sources (which signal caught each incident, or "customer reported")
- Diagnosis notes (what engineers had to guess, query manually, or add mid-incident)

Perform an observability gap analysis. Work through these steps:

1. **Score detection** — for each incident, classify how it was detected (proactive alert, dashboard, synthetic, support ticket, customer) and estimate the detection delay attributable to missing or noisy signals.

2. **Score diagnosis** — identify moments in each timeline where engineers stalled because a signal was missing, wrong-grained, unsampled, retention-expired, or uncorrelated across signals. Tag each stall with the missing telemetry.

3. **Aggregate the gaps** — cluster the per-incident gaps into recurring themes (e.g., no trace propagation across service X, no saturation metric on the queue, logs missing request IDs, dashboards lacking per-tenant breakdown).

4. **Estimate impact** — for each gap theme, estimate the detection or diagnosis time it would have saved across the incident set, and how many incidents it touches.

5. **Cost the fixes** — rough effort and ongoing cost (cardinality, storage, sampling) for each instrumentation change, and call out where more telemetry would add noise rather than signal.

6. **Prioritize** — rank gap fixes by saved-time-per-effort, and propose alerting / SLO changes that turn newly added signals into proactive detection.

Output: (a) a per-incident detection + diagnosis scorecard, (b) clustered gap themes with affected incidents, (c) an impact-vs-cost prioritization table, (d) the top 5 instrumentation changes with concrete metric/log/trace specs, (e) the alerts or SLOs to add on top.

Distinguish evidence-backed gaps from speculation, and flag where you would need more data.
Newsletter

Free: the DevOps AI Incident-Triage Cheat Sheet

Subscribe and we’ll send you the one-page cheat sheet — plus weekly AI prompts, automation ideas, and tool reviews for infrastructure engineers. One email a week. No spam, unsubscribe anytime.

  • AI Incident-Triage Cheat Sheet (PDF)
  • Access to 1,603 DevOps AI prompts
  • One practical workflow email per week