Written by: Nimesh Chakravarthi, Co-founder & CTO, Struct
Key Takeaways for Datadog Users
-
Manual Datadog triage at 3 a.m. forces engineers to pivot across multiple tools, taking 30–45 minutes per incident and driving alert fatigue.
-
AI-powered automated investigation runs the moment an alert fires, correlating metrics, logs, traces, and code changes without human input.
-
Struct layers on top of Datadog and other observability platforms, delivering a structured root-cause summary in under five minutes with no re-instrumentation required.
-
Teams report an 80% reduction in triage time, enabling junior engineers to resolve issues faster and reducing escalation to senior staff.
-
Struct turns your on-call runbook into an automated investigation layer that cuts investigation time by 80% and restores product velocity.
How AI-Powered Automated On-Call Investigation Works
AI-powered automated on-call investigation sits between an alert trigger and the engineer’s first action. When an alert fires, the system immediately and autonomously queries logs, metrics, traces, and code context across the connected stack. It correlates signals, identifies the root cause, assesses blast radius, and delivers a structured summary before a human opens a laptop.
This category differs from AI chatbots or generic LLM assistants. Those tools are reactive, since an engineer must wake up, gather raw data, paste it into a prompt, and guide the model. Automated investigation is proactive, because the investigation runs in the background the moment the alert fires, with no human prompt required. Because the investigation completes before human engagement, the engineer’s role shifts from investigator to reviewer.
See automated investigation in action
Why Datadog-Based Triage Feels Slow and Painful
Datadog surfaces metrics, logs, and APM traces, but it does not automatically correlate them into a causal narrative. Without correlation, monitoring systems fire independent alerts for every threshold breach, creating duplicate notifications for the same underlying incident, so a database slowdown can simultaneously trigger separate alerts for high latency, increased error rates, connection pool exhaustion, and downstream service timeouts.
Data silos and tool fragmentation force manual correlation because many organizations route logs to one platform, metrics to another, and traces to a third, making cross-signal investigation painful and time-consuming. Even within a single platform, high-cardinality telemetry and large-scale data volumes make correlation computationally expensive, as engines must process signals across millions of unique trace IDs, container instances, and request paths. This computational burden translates into a predictable, slow manual workflow.
A typical manual investigation follows a familiar path. A metrics alert shows an error-rate spike. The engineer pivots to traces to find the slow operation. They then jump to logs to discover the root cause. Mature observability combining metrics, logs, traces, and change intelligence can help reduce MTTR, but only when that combination is automated. Manual combination delivers no such benefit at 3 a.m.
The 2026 State of Production Reliability and AI Adoption Report by NeuBird AI found that 83% of organizations report their teams are ignoring alerts. 44% of organizations experienced an outage in the past year directly linked to suppressed or ignored alerts. When every alert demands 30–45 minutes of manual correlation work, engineers start suppressing notifications to protect their focus and sleep. Alert fatigue is not a behavior problem. It is a workflow problem.
How Automated Investigation Rewrites the On-Call Workflow
An automated investigation layer intercepts the alert the moment it fires. It queries Datadog metrics, pulls correlated logs from CloudWatch or GCP, retrieves relevant exceptions from Sentry, and maps recent code changes from GitHub. These steps run in parallel without human direction.
Within five minutes, the system outputs a structured dashboard containing the root cause, a unified event timeline, blast radius, and suggested fixes. Struct is an AI agent that automatically root-causes engineering alerts by pulling and analyzing metrics, logs, traces, monitors, and code, performing regression analysis, correlating anomalies, and generating impact summaries, with deployment in minutes. Large-scale customers report an 80% reduction in triage time. As Struct co-founder Deepan Mehta describes it, “Struct gets you from alert → root cause before you even open your laptop.”
The 85–90%+ helpful investigation rate means the vast majority of automated outputs provide the correct root cause and actionable next steps, not a list of possibilities requiring further manual filtering. Engineers review rather than investigate. That review takes minutes, not the better part of an hour.
Using Struct With Datadog Without Replacing Anything
Teams worry about any “Datadog alternative” because of switching cost. Replacing Datadog means re-instrumenting services, retraining teams, and migrating dashboards, which consumes weeks of engineering time with no guaranteed improvement. Struct avoids that cost by layering on top of Datadog instead of replacing it.
Struct connects to Datadog as a data source alongside AWS CloudWatch, GCP Logs, Azure Traces, Sentry, Grafana, Prometheus, and Loki. By listening to Slack alerting channels or PagerDuty, it triggers automatically when an alert fires and delivers its output back into the same Slack thread where the alert appeared. GitHub integration adds code context to this unified view. Because all investigation results surface within existing tools, the engineer never leaves their toolchain. They simply receive a pre-completed investigation inside it.
Setup takes under 10 minutes. You authenticate the issue source (Slack or PagerDuty), connect the code repository (GitHub), and link the observability context (Datadog and cloud logs). Auto-investigations activate immediately. No re-instrumentation. No new dashboards to build. No migration.
Set up your first auto-investigation in 10 minutes
Head-to-Head Triage-Time Comparison Across Tools
The table below compares tools on average triage time, setup time, and MTTR impact. Triage time refers to the period from alert fire to confirmed root cause identification. Dynatrace, Honeycomb, and PagerDuty function as general-purpose observability or alerting platforms, so their triage times reflect manual investigation workflows on top of those platforms rather than a dedicated automated investigation layer.
|
Tool |
Avg. Triage Time |
Setup Time |
MTTR Impact |
|---|---|---|---|
|
Datadog (manual workflow) |
Days to weeks (instrumentation + dashboards) |
Baseline, no automated reduction |
|
|
Dynatrace |
Reduced vs. manual via Davis AI root-cause analysis, exact minutes not independently benchmarked |
Days (OneAgent deployment + manual log enrichment configuration per technology) |
|
|
Honeycomb |
Faster querying than traditional tools, triage still requires manual query construction |
Hours to days (instrumentation required) |
Improved query speed, MTTR reduction depends on engineer skill |
|
PagerDuty |
Alert routing only, triage time unchanged without separate investigation tooling |
Hours (routing rules + escalation policies) |
No direct MTTR reduction, improves notification speed only |
|
Struct (layered on Datadog) |
Under 5–10 minutes (automated root-cause output before engineer engages) |
Under 10 minutes (connect integrations, activate auto-investigations) |
Onboarding New Engineers With 10-Minute Setup
Critical incidents often pull in multiple engineers. A major driver of this escalation pattern is tribal knowledge, since senior engineers hold the systemic context required to debug complex outages, and newer engineers cannot safely take on-call shifts without it.
Struct’s automated investigation output functions as a documented first pass from a senior engineer. Every alert produces a structured report with root cause, timeline, blast radius, and suggested fix that gives a junior engineer a reliable starting point without requiring escalation. Teams can also encode their specific on-call runbooks directly into Struct, so the AI follows the exact operational procedures the senior team would apply.
For engineering leaders, this directly addresses onboarding bottlenecks. New hires can take on-call duties earlier. Senior engineers are freed from constant escalation interruptions. The institutional knowledge embedded in runbooks becomes accessible to the entire team rather than residing in one person’s memory.
Security and Compliance for Struct Deployments
Struct is SOC 2 and HIPAA compliant, covering the compliance requirements of the majority of Seed-to-Series-C companies operating in regulated industries including fintech, healthtech, and SaaS. Logs and telemetry data are accessed and processed ephemerally, so data is not stored beyond the investigation window.
One constraint matters for teams with strict data residency requirements. Struct currently requires access to logs and context via cloud integrations (AWS, GCP, Datadog). Organizations with policies prohibiting any log egress from their VPC and requiring full on-premise deployment are not the right fit for Struct at this time. For the majority of growth-stage engineering teams, SOC 2 and HIPAA compliance with ephemeral data handling meets security review requirements.
Discuss compliance requirements for your team
Frequently Asked Questions
Does Struct replace Datadog, or does it work alongside it?
Struct does not replace Datadog. It layers on top of Datadog and other observability tools already in use. Datadog continues to serve as the source of metrics, logs, and APM data. Struct connects to Datadog as an integration, automatically queries it when an alert fires, and delivers a correlated root-cause summary back into Slack. No re-instrumentation, no dashboard migration, and no change to existing Datadog configuration is required.
What happens if our logging and alerting setup is inconsistent or incomplete?
Struct’s investigation quality depends directly on the telemetry available in the connected tools. If services lack trace IDs, structured logging, or consistent alerting triggers, the AI cannot infer system state from code analysis alone. The ideal setup includes active use of at least one observability platform (Datadog, CloudWatch, GCP Logs), an exception tracker (Sentry), and Slack-based alerting. Teams with basic logging and alerting in place will see the strongest results immediately.
Is Struct compliant with SOC 2 and HIPAA requirements?
Yes. Struct is fully SOC 2 and HIPAA compliant. Log and telemetry data is accessed ephemerally during the investigation and is not retained beyond that window. This compliance posture covers the requirements of most Seed-to-Series-C companies, including those in fintech and healthtech. Teams with policies requiring zero log egress from their VPC or full on-premise deployment should evaluate whether Struct’s current architecture fits their specific security constraints before proceeding.
How long does it take to set up, and does it require dedicated engineering time?
As noted earlier, setup takes under 10 minutes and involves authenticating three integration categories: the issue source, code repository, and observability context. Once connected, auto-investigations activate immediately. No dedicated sprint, no infrastructure changes, and no ongoing maintenance overhead are required to get the first automated investigation running.
Can Struct be customized to follow our team’s specific on-call runbooks?
Yes. Teams can input custom instructions, correlation ID formats, and existing on-call runbooks directly into Struct. The AI follows those operational procedures when an alert fires, producing outputs that match how the senior engineering team would investigate the same issue. Composable widgets allow teams to guarantee that specific visual data, such as particular dashboards, log queries, or service maps, is always pulled for defined alert types, making the output immediately actionable for any engineer on rotation.
Conclusion: Faster Triage Restores Product Velocity
The 2026 State of Production Reliability and AI Adoption Report by NeuBird AI found that engineers spend 40% of their time on managing incidents. Additionally, 36% of teams spend 5 to 10 hours every week on incident reports and post-mortems alone. The 30–45 minute manual triage cycle is not a minor inefficiency. It is a structural drain on engineering capacity that compounds with every alert, every rotation, and every new hire who cannot yet navigate the stack independently.
An AI-powered automated investigation layer does not require replacing Datadog or rebuilding the observability stack. It requires connecting existing tools to a system that performs the investigation automatically, delivers root cause in under five minutes, and returns engineers to the role of decision-makers rather than log-hunters. The 80% reduction in triage time translates directly into restored product velocity, reduced burnout, and faster SLA compliance, outcomes that matter at every stage from Seed to Series C.
Engineering teams ready to evaluate this category can connect their existing Datadog, Slack, and GitHub integrations and run their first automated investigation in under 10 minutes. Start your free trial and see root cause delivered before the next 3 a.m. alert requires a human to find it.
