Written by: Nimesh Chakravarthi, Co-founder & CTO, Struct
Key Takeaways for On-Call Engineering Leaders
-
Traditional APM tools surface symptoms but leave engineers to manually hunt logs, traces, and code changes, which extends MTTR during on-call incidents.
-
Correlation-based methods often misidentify symptoms as root causes, which drives alert fatigue and pushes roughly 40% of engineering time into incident management.
-
Automated first-pass investigation tools like Struct start analysis the moment an alert fires and deliver root cause, blast radius, and suggested fixes within five minutes.
-
Struct connects to existing APM stacks (Datadog, CloudWatch, Sentry, GitHub) through Slack or PagerDuty and can cut triage time by up to 80% with a 10-minute setup.
-
Struct automates your on-call runbook so Seed to Series C teams can remove manual investigation loops and resolve incidents faster.
The Problem: Why APM Correlation Falls Short for On-Call Triage
Traditional APM platforms surface symptoms but stop short of completing the investigation. They generate alerts when thresholds are breached, correlate traces to slow transactions, and flag anomalous error rates. They do not assemble a full narrative of what happened. After an alert fires, engineers still execute every manual step. They hunt logs across fragmented tools, reconstruct a timeline, map exceptions to code changes, and determine blast radius.
The 2026 State of Production Reliability and AI Adoption Report, based on a survey of more than 1,000 SRE, DevOps, and IT operations professionals, found that engineers spend 40% or more of their time on incident management rather than product development. The same report found that many teams navigate multiple tools during a live incident, with each context switch adding time to response. It also found that on-call teams often receive frequent alerts, with many not being actionable.
The underlying limitation is architectural. Correlation-based methods frequently misidentify symptoms as genuine causes, eroding engineer confidence and adding complexity to the resolution workflow. This is not a tuning issue, it reflects a hard accuracy ceiling. APM metrics can identify abnormal components in a fault window, but those abnormal components are not necessarily the root cause. The official baseline on the 2025 CCF AIOps challenge achieved 39.91 accuracy, which highlights how difficult it is to infer causation from correlation alone. Legacy APM platforms treat the application as the boundary of truth, identifying slow transactions and performance bottlenecks but rarely where the real constraint resides. That constraint may sit in infrastructure, third-party dependencies, or configuration drift, which leaves engineers guessing.
The result is a predictable, costly pattern. Organizations often pull in multiple engineers during incidents, while 60% of organizations said it takes 30+ minutes to resolve high-business-impact outages.
Cut that 30-minute window to under 5 minutes, set up Struct quickly and remove the manual investigation loop.
The Solution: What Automated First-Pass Investigation Adds to APM
Automated first-pass investigation tools start analyzing an alert the moment it fires and do not wait for an engineer to get involved. They gather context across observability platforms, code repositories, and identity systems, then assemble a coherent incident story. Agentic AI systems in incident response can begin investigating an alert the moment it is triggered by gathering context across observability platforms, code repositories, and identity systems without waiting for an analyst.
Struct is purpose-built for this workflow. When an alert fires in a configured Slack channel or PagerDuty queue, Struct automatically queries logs, correlates trace IDs, maps the exception to the relevant code change, and generates a dynamically built dashboard containing the root cause, blast radius, and suggested fix. It completes this work within 5 minutes, before the engineer gets involved. The engineer’s first action is reviewing a completed investigation, not starting one. Customers working at large scale with many services report an 80% reduction in triage time.
APM Tools Comparison: Triage Time Impact Across Platforms
The table below benchmarks seven tools across five criteria that directly affect on-call triage time. The key takeaway is clear. Only Struct delivers zero-click root cause analysis with sub-10-minute setup and a documented 80% triage-time reduction, while traditional APM tools still require manual investigation after alerting. Setup time and triage-time reduction figures are drawn from vendor documentation and cited reports. Cells marked “N/A” indicate the feature is not part of the tool’s documented core capability.
|
Tool |
Setup Time |
Zero-Click Root Cause |
Slack-Native Response |
Documented Triage-Time Reduction |
|---|---|---|---|---|
|
Hours–days (agent + config) |
Anomaly correlation only, manual investigation required after alert |
Alert forwarding via webhook, no native investigation thread |
Not published |
|
|
Hours–days (instrumentation) |
Symptom correlation, engineers still manually search metrics, logs, and traces to connect the dots |
Alert notifications only |
Not published |
|
|
Dynatrace Davis AI |
Days–weeks (full-stack agent rollout) |
Causal AI on Dynatrace-instrumented stack, limited cross-tool correlation |
Alert forwarding, no investigation thread |
Not published |
|
PagerDuty |
Minutes (alert routing only) |
N/A, routing and escalation platform, not an investigation tool |
Incident notifications via Slack app |
Not published |
|
incident.io |
Minutes–hours |
AI-assisted coordination, automated coordination and AI-assisted triage can reduce MTTR by up to 80% |
Slack-native incident channel management |
Up to 80% MTTR reduction (coordination-focused) |
|
Rootly |
Minutes–hours |
Workflow automation, manual log investigation still required |
Slack-native incident channel management |
Not published |
|
10 minutes |
Full zero-click investigation: logs, traces, code correlated before engineer opens laptop |
Native Slack investigation thread with conversational follow-up |
80% reduction, 45-minute investigations completed in under 5 minutes |
How Struct Connects to Your Existing APM and Observability Stack
Struct does not replace existing observability tooling. It connects to the stack engineers already operate and reads from those sources to run its automated investigation. One-click integrations cover alert triggers (Slack, PagerDuty, Sentry, Linear, Jira), observability and log platforms (Datadog, AWS CloudWatch, GCP Logs, Azure Logs and Traces, Grafana, Prometheus, Loki, Sumo Logic, Better Stack), and code context (GitHub).
When an alert fires, Struct queries these sources in parallel, correlates the signals into a unified timeline, and posts the completed investigation to the originating Slack thread. Engineers can then tag Struct directly in that thread to test alternative hypotheses, pull additional log windows, or verify user-specific impact, all without leaving Slack. Once root cause is confirmed, Struct can hand off context to a local CLI, an AI coding agent, or generate a pull request directly.
Connect your existing stack in 10 minutes, integrate Datadog, Sentry, and GitHub without replacing your current observability tools.
Real-World Impact at a Series A Fintech
A Series A fintech company with over 40 engineers operated under strict SLAs that required rapid response and resolution for every alert. Their standard process required engineers to spend 30 to 45 minutes gathering context and identifying root cause per incident, which created a direct SLA risk on every page. After connecting Struct to their Slack alerting channels using the quick setup described earlier, the context-gathering and investigation phase dropped to under 5 minutes per incident. Triage time fell by the same 80% documented in the comparison table, SLA compliance improved, and newer engineers gained a reliable starting point for every alert. The team could then distribute on-call load more evenly without requiring senior engineer escalation for first-pass investigation.
Frequently Asked Questions
Is our data secure? We have strict compliance requirements.
Struct is fully SOC 2 and HIPAA compliant. For the vast majority of Seed to Series C engineering teams, these are the exact compliance standards required. Logs and telemetry data are accessed and processed ephemerally during investigation, and they are not stored or retained by Struct after the investigation completes. Security and compliance requirements are treated as a first-class constraint in the platform’s architecture, not an afterthought.
Will security allow us to use this if our logs cannot leave our VPC?
Struct currently requires access to logs and observability context through its integration layer, connecting to sources like AWS CloudWatch, GCP Logs, Datadog, and Sentry to perform automated investigation. If your organization enforces a strict policy that zero log data can leave your internal network and requires full on-premise deployment, Struct is not the right fit at this time. For teams with standard cloud-hosted observability stacks and SOC 2 or HIPAA compliance requirements, Struct’s architecture is designed to meet those needs.
How long does Struct take to set up?
Setup typically takes 5 to 10 minutes. The process involves three authentication steps. First, connect your issue source, such as Slack or a ticketing system like Linear or Jira. Second, connect your code repository, usually GitHub. Third, connect your observability context, such as Datadog, CloudWatch, or an equivalent platform. Once those integrations are authenticated, auto-investigations can be enabled immediately. There is no agent rollout, no instrumentation change, and no multi-week onboarding process. Struct includes white-glove onboarding and a 30-day risk-free pilot on all plans.
Can I customize how Struct investigates our specific errors?
Struct supports custom instructions, proprietary correlation ID formats, and direct input of your team’s existing on-call runbooks. The composable widget architecture allows engineering teams to specify exactly which data sources and visual outputs should always appear for specific alert types. This approach ensures the automated investigation follows the same diagnostic logic a senior engineer would apply. It also keeps Struct’s output aligned with your system’s specific architecture rather than producing generic root cause summaries.
Conclusion: Faster Root Cause Without Leaving Slack
Engineering teams that want to reduce on-call incident triage time face a clear structural gap. Today’s observability tools flood engineers with alerts but fail to pinpoint the actual source of incidents, which leaves the investigation work entirely to the on-call engineer. With the incident management burden described earlier and nearly 40% of on-call engineers showing burnout symptoms, the cost of manual triage is measurable in both productivity and retention.
Automated first-pass investigation platforms close this gap by completing the investigation before a human gets involved. Struct delivers that capability with a 10-minute setup, native Slack integration, SOC 2 and HIPAA compliance, and the triage-time reduction demonstrated in the case study above, purpose-built for Seed to Series C engineering teams that need faster answers without replacing their existing stack.
See the 80% triage-time reduction in action, book a demo and run your first automated investigation today.
