How-To Guide
A step-by-step guide to go from zero to your first AI-led incident investigation in under 30 minutes.
Have these ready to make setup smooth.
A Sherlocks AI account (book a demo to get one)
Cloud admin access to deploy Watson into your VPC
Admin access to one observability tool and Slack or Teams
Book a demo or request access at sherlocks.ai. After your account is provisioned, sign in and create a workspace for your organization. Invite your SRE, platform, and on-call teammates by email.
Watson is the Sherlocks data collector. It runs inside your cloud account with strictly read-only IAM permissions. Deploy it using the Terraform module, Helm chart, or CloudFormation template from your Sherlocks dashboard.
From the dashboard, connect your observability, logging, cloud, and messaging tools. Each integration uses an API key or OAuth with read-only scopes. Most customers start with Datadog or Prometheus, GitHub, and Slack.
Send alerts from PagerDuty, Opsgenie, or your monitoring tool into Sherlocks using a webhook. You can start in shadow mode so Sherlocks investigates without paging your team, then switch to live mode once you trust the output.
When the first alert fires, Sherlocks dispatches specialized agents that investigate the issue and post a root cause analysis to Slack or Teams. Review the timeline, evidence, and suggested next steps, then give thumbs up or thumbs down feedback to improve future investigations.
Add your on-call rotations, configure notification preferences per severity, and set up daily reliability review channels. Sherlocks will summarize overnight incidents and post a daily digest so your team starts each morning with a clear picture of system health.
In the first week, Sherlocks builds context about your system. Investigation quality improves with each incident as agents learn your topology, dependencies, and common failure patterns.
Answers to the most common setup questions.
Book a demo on sherlocks.ai, deploy Watson inside your VPC using the provided Terraform or Helm template, connect your observability and messaging tools, and route your first alert. Most teams complete setup in under 30 minutes and see their first investigation within an hour.
A typical setup takes 20 to 40 minutes. The longest step is deploying Watson in your VPC, which usually takes about 10 minutes with Terraform or Helm. Connecting integrations and routing alerts takes another 10 to 20 minutes.
Sherlocks only needs read-only access. Watson runs inside your VPC and uses read-only IAM roles for cloud providers, read-only API keys for observability tools, and read-only OAuth scopes for code repositories. Sherlocks cannot modify your infrastructure, databases, or applications.
Yes. Shadow mode lets Sherlocks investigate every alert without notifying anyone. You can compare the AI findings against how your team resolved the incident, then switch to live mode when you trust the output.
Start with one observability tool (Datadog, Prometheus, or New Relic), one messaging platform (Slack or Microsoft Teams), and one code source (GitHub or GitLab). You can add more integrations as your team gets comfortable with the platform.
Yes. Sherlocks has a dedicated Kubernetes agent that analyzes pod health, deployments, resource limits, events, and HPA behavior. Watson can be deployed as a Helm chart into any Kubernetes cluster.