InsightWorker Logo
  • contact@verticalserve.com

L1 Incident Triage

An on-call autopilot for the first 15 minutes — acknowledge, gather signal, run the runbook, escalate cleanly.

← All use cases
DevOps & SRE
Tech, FinServ, Retail, any oncall org
PagerDutyGrafanarunbookslogs

The problem

  • L1 engineer wakes up at 3am, opens 6 tabs hunting for the right runbook.
  • Logs into Grafana, exports panels, copies into the incident channel by hand.
  • Greps logs across services, pastes snippets manually. Mean-time-to-diagnose grows by the minute.
  • Pages L2 because they couldn't find context fast enough — and L2 is annoyed because most of these are runbook-able.

How InsightWorker handles it

1
Acknowledge the page from PagerDuty, parse the incident metadata. web_fetch · pagerduty webhook
2
Load the matching runbook from your knowledge base. @runbook playbook
3
Pull Grafana panel snapshots for the affected service into the incident thread. web_fetch · grafana api
4
Tail logs, extract errors, correlate with the last deploy / config change. bash · git_log
5
Run runbook steps — restart, drain, failover — with approval gates for each. bash (permission-gated)
6
Escalate with a structured handoff to L2 if the issue isn't resolved within the runbook. send_email · slack adapter

Screenshots

InsightWorker receives the PagerDuty triage prompt

InsightWorker receives the natural language triage prompt and begins the L1 incident response sequence.

PagerDuty alert acknowledged, runbook loaded, Grafana panels pulled

Agent acknowledges the PagerDuty alert, matches the runbook, and drops Grafana panel snapshots into the incident thread.

Runbook step executed with user approval gate

InsightWorker stages the runbook remediation step, waits for explicit user approval, then executes and monitors recovery.

Incident resolved — all-clear summary posted to thread

Incident resolved — agent posts the all-clear summary with timeline and a structured L2 handoff note to the channel.

Sample prompt

"Page just fired for high checkout latency — investigate and follow the runbook."
Deliverables: incident_summary.md · grafana snapshots · log excerpts · runbook checklist · structured escalation note
Prefer the browser?
Run this in InsightStudio — no CLI install for the user.

Authors publish the app once with iw app publish; business users open it in the marketplace and click Run. Your worker box does the execution.

Visit InsightStudio →

Try this use case yourself

Free trial available — CLI, Desktop, VS Code, and the new --worker mode for InsightStudio. See download for details.

Download Free Trial