ProdRescue AIProdRescue AIBack to Home

Help & Guide

Everything you need to get started: your first incident analysis, plan details, Slack & GitHub setup, and what we're building next.

Getting Started Guide

Your first incident analysis in about 5 minutes. No long setup — choose manual paste or Slack.

Prefer video? Watch the 3-minute walkthrough

Quick Start Checklist (2 min)

  • Open /app and run your first incident analysis (no login)
  • Choose: Paste logs OR connect Slack
  • Click Generate (1–2 min wait)
  • Download PDF or share link

First incident analysis in 5 minutes

  1. 1

    Run your first incident analysis (no login)

    Open /app, paste logs or a Slack thread, and generate a full RCA in minutes.

  2. 2

    Add your logs

    Paste logs from anywhere (Slack, Datadog, CloudWatch, JSON, or plain text). Or connect Slack and use a thread link/channel name in the app, run /rescue <slack-thread-url>, or mention @ProdRescue AI in a thread — we pull messages and turn them into one incident analysis.

  3. 3

    Generate

    Click Generate. ProdRescue builds timeline, root cause, evidence references [1], [2], and action items. Usually 1–2 minutes.

  4. 4

    Download or share

    Download PDF for execs, or post the analysis link to Slack. Copy to Microsoft Teams or your wiki. Every claim ties to a real log line.

Slack vs manual log paste — which one?

  • Manual paste: Best for a one-off incident analysis or when logs are in Datadog, CloudWatch, or a file. No setup. Paste, click Generate, get PDF.
  • Slack: Best when your incident war room is in Slack. Connect workspace once, invite the bot to the channel, then generate from a thread link/channel name in the app, run /rescue <slack-thread-url>, or mention @ProdRescue AI in a thread. Analysis link can be posted back to the same channel.
Open RCA demoSee pricing

Slack Integration Guide

Connect your workspace once, then analyze incidents from threads or channels. Available on all plans (Starter: first no-login run + 1 signed-in free analysis; Incident Intelligence & Auto-Fix: unlimited).

1. Connect your Slack workspace

  1. Sign in to ProdRescue and go to Account.
  2. Under Slack, click Add to Slack and authorize the workspace (OAuth).
  3. ProdRescue will only post to the workspace you authorized. To switch workspaces, disconnect and add the other workspace.

2. Which channels can use the bot?

Invite the bot only to channels where you want analysis links or summaries. In the incident channel, type /invite @ProdRescue AI. The bot must be in the channel for "Post to Slack" to target it.

Privacy note

The bot can only read messages in channels where it's explicitly invited. It cannot read your DMs or private channels unless you invite it there.

3. How to trigger analysis from Slack

  • From the app: Paste a Slack thread link (right-click a message → Copy link) or a channel name (e.g. #incidents) in the ProdRescue app, then click Generate. We fetch the messages and build the analysis.
  • Post to Slack: After analysis is ready, use the toolbar to post the RCA link to a channel. You need the channel ID (see Quick tips below or Integrations page).

In-channel triggers are live: run /rescue <slack-thread-url> or mention @ProdRescue AI in a thread. You can also keep using app-based fetch from thread/channel links.

4. Permissions & scopes

We request the minimum needed: read channel messages (to build analysis from threads/channels you choose), post messages (to send analysis links), and identify your workspace. We do not read DMs or channels the bot is not invited to.

GitHub Integration Guide (Auto-Fix plan)

GitHub is used for Suggest Fix: AI proposes code changes from the incident and can open a PR. Requires the Auto-Fix plan ($99/mo).

Important

Always review AI-suggested fixes before merging. ProdRescue creates a PR for review — it never auto-merges to production. Your team's approval process stays in place.

1. Connect your repository

  1. Go to Account → GitHub → Connect.
  2. Authorize ProdRescue (GitHub OAuth). Select the org/repo you want. We need read/write for the repo to create branches and PRs.
  3. Choose the default branch we should branch from (e.g. main).

2. How Suggest Fix works

After you run incident analysis, open it and click Suggest Fix. The AI uses root cause, stack traces, and evidence to search the repo and propose a code change. You can review the diff and then create a branch and open a PR.

3. PR workflow & security

  • Branch: We create a new branch (e.g. fix/inc-abc123-description) from your default branch. We do not push to main/master directly.
  • PR: The PR is opened against the default branch. Your normal branch protection and approval rules apply — we don’t bypass them.
  • Review: Always treat the suggested fix as a proposal. Review the diff, run tests, and merge only when your team is satisfied.

If PR creation fails (e.g. branch protection, permissions), see Troubleshooting.

Manual Log Upload

Paste logs from any source. No API keys or integration required. We parse and sanitize before analysis.

Supported formats

  • Plain text — One line per event or multi-line stack traces.
  • JSON — Log lines as JSON objects (e.g. { "timestamp": "...", "message": "..." }).
  • Datadog / CloudWatch style — Exported log lines with timestamps and messages. We extract time and message fields when present.
  • Slack export or copy-paste — Thread or channel content pasted or fetched via Slack integration.

Log sanitization

Before any AI processing, we run an open-source anonymizer so you can verify what gets redacted: IPs, emails, tokens, and common secrets. The anonymizer code is at github.com/Devrim0/prodrescue-anonymizer. Only sanitized text is sent to the LLM.

Best practices

  • Include a clear time range around the incident (first error to resolution). Extra context is fine; too little can lead to an incomplete timeline.
  • Include error-level logs and key decision points (deploy, rollback, scale). Info/debug can help but are not required.
  • If you have timestamps in ISO or Unix format, we use them for the timeline. Consistent format improves accuracy.

Reading Your Analysis

Each analysis includes summary, timeline, RCA, evidence references, and action items. Here’s how to read them.

RCA (Root Cause Analysis) section

The technical root cause explains what failed and why (e.g. nil pointer in PaymentService, Redis connection exhausted). We also include contributing factors and a 5 Whys-style analysis when the logs support it.

Evidence citations [1], [6], [8]

Numbers in square brackets point to specific log lines in your input. Hover (or tap) to see the source line. This ties every claim to evidence and reduces hallucination — if something isn't in the logs, we don't invent it.

Example

"Payment service crashed at 23:47 [1], causing 2,847 failed transactions [6]."

Click [1] to see:

2024-02-15T23:47:12.123Z ERROR panic: runtime error...

Confidence score

The confidence score reflects how well the available logs support the analysis. It’s the model’s own assessment given the evidence — use it as a signal, not a guarantee. More and clearer logs usually yield higher confidence.

Action items

Suggested next steps with editable owner and deadline fields. Export to PDF or copy to your issue tracker. You can edit them before sharing.

Plans in detail

Each plan includes evidence-backed RCA, timeline, and action items. Differences are usage limits, Slack, GitHub, and history storage.

Starter

FreePerfect for trying out
  • 1 free analysis when you sign up — full experience for it
  • PDF export — same format as paid plans (timeline, RCA, evidence refs)
  • Post to Slack / copy to Teams — share analysis link or copy markdown
  • No analysis history stored — upgrade for saved history and Slack bot

Incident Intelligence

$29/month· Cancel anytime
  • Unlimited incident analysis runs
  • PDF export — executive-ready, one click
  • Slack bot included — connect workspace, invite bot to channel, get analysis links in-channel
  • Structured RCA, action items (owner + deadline), evidence references
  • Analysis history in dashboard — no GitHub integration in this plan

Auto-Fix

$99/month· Everything in Incident Intelligence +
  • GitHub integration — connect repo in Account
  • Suggest Fix — AI proposes code changes from incident evidence
  • PR creation — open a pull request with the suggested fix
  • Code search & analysis — best for teams that want to close the loop from incident to fix

Enterprise

Custom pricing · Contact Sales
  • Unlimited analysis, team workspace
  • Custom deployment — VPC or on-prem
  • SOC 2 & GDPR alignment, dedicated support
  • API access for programmatic incident analysis (early access on request)
Contact Sales

Integrations

You can paste logs from any source — no integration required. For teams, Slack and GitHub add analysis sharing and auto-fix.

Slack (Live)

Connect your workspace in Account → Add to Slack. Invite the bot to your incident channel with /invite @ProdRescue AI. Analyze incidents from thread links or channel names, trigger directly in-channel with /rescue or @ProdRescue AI, and post analysis links back to Slack.

GitHub (Auto-Fix plan)

Connect a repository in Account. Used for Suggest Fix: after an analysis is generated, AI proposes code changes and can open a PR. Requires the Auto-Fix plan ($99/mo).

Paste from anywhere

Datadog, CloudWatch, Grafana Loki, JSON, or plain text — paste into the app and generate. No API keys or integration needed for your first analysis or for paid plans.

Full integrations guide

Roadmap

What we're building next. Slack in-channel quality improvements and more data sources are top priorities.

  • Slack in-channel improvements — smarter thread auto-detection and richer command options
  • Custom analysis templates (Markdown / PDF layout)
  • GitHub Actions app — trigger analysis from CI
  • CloudWatch & Grafana Loki integrations — one-click log pull
  • Multi-cloud support (AWS, GCP)
  • Auto-remediation workflows
  • PagerDuty integration

Want to influence the roadmap? Email us at info@prodrescueai.com with your top priority, or share your requests via our contact page.

Troubleshooting

Common issues and what to check.

  • Slack bot not responding / "Post to Slack" fails

    Check: (1) Bot is invited to the channel (/invite @ProdRescue AI). (2) You’re using the correct workspace — if you switched workspaces, go to Account → Slack → Disconnect, then Add to Slack again for the new workspace. (3) Channel ID is correct (right-click channel → Copy link; the part after archives/ is the ID).

  • Analysis incomplete or generic

    Usually not enough log data or unclear timestamps. Add more lines around the incident window (first error to resolution), include error-level logs and key events (deploy, rollback). Clear timestamps (ISO or Unix) help the timeline.

  • GitHub PR failed / "Suggest Fix" can’t create PR

    Often branch protection or permissions: we create a branch and open a PR from it. Ensure the connected GitHub account (or bot) has write access to the repo and that branch protection rules allow creating branches and opening PRs. If you require approvals or status checks, the PR will wait for them as usual.

  • Revenue impact missing or "Not quantified"

    We only add revenue impact when it can be derived from the logs (e.g. failed transactions, error counts). If your logs don’t contain transaction or revenue-related fields, we don’t invent numbers — the analysis will say "Not quantified in available logs" or omit it. You can add an estimate manually in the summary if needed.

Security & Privacy FAQ

  • What gets redacted before AI?

    IP addresses, email addresses, API keys, tokens, and common secret patterns. The anonymizer is open source: github.com/Devrim0/prodrescue-anonymizer. You can verify what we redact.

  • Which LLM providers do you use?

    We use enterprise-grade APIs: OpenAI, Anthropic, and Google. Different steps of the pipeline use different models (e.g. denoising, RCA, evidence mapping). We use no-training / non-retention options where offered.

  • Do LLM providers store my data?

    We use enterprise APIs with non-training agreements where available (e.g. Anthropic, OpenAI enterprise tier). Data may be temporarily cached by providers per their policies. We do not control third-party retention. See Privacy Policy for details. This is the distinction: we don't store your logs on our systems; providers may cache according to their own policies.

  • Data retention?

    We do not store your logs on our systems after analysis generation. Processing is in-memory and then discarded. Data sent to LLM providers is subject to each provider’s retention policy. We do not train models on your data. Full details: Privacy Policy.

  • Compliance (SOC 2, GDPR)?

    We align with SOC 2 and GDPR principles: minimal data, no log retention on our side, encryption, and clear privacy policy. For Enterprise, we can discuss custom deployments and compliance requirements.

Quick tips

  • Where do I connect Slack? Account → Slack → Add to Slack. Same page for disconnecting or reconnecting a different workspace.
  • How do I get the Slack channel ID? In Slack, right-click the channel name → Copy link. The part after archives/ (e.g. C0AKPEB6D37) is the channel ID. Use it when posting analysis to Slack.
  • Where are my analyses? Dashboard and App show recent analyses. Incident Intelligence and Auto-Fix plans keep history; Starter does not store analyses after you leave the page.
  • Suggest Fix / GitHub? Only on the Auto-Fix plan. Connect repo in Account → GitHub, then use Suggest Fix on a generated analysis.
  • Privacy & logs? We don't store your logs; processing is in-memory and discarded after the analysis. See Privacy Policy for details.

More questions? info@prodrescueai.com

Still stuck?

Email us: info@prodrescueai.com

We reply within 24 hours (usually faster).

Or join our Slack community to get help from other users.