How-To Guide

How to Set Up and Use Sherlocks AI

A step-by-step guide to go from zero to your first AI-led incident investigation in under 30 minutes.

30 min setup · 6 steps · No code required

Before You Start

Have these ready to make setup smooth.

  • A Sherlocks AI account (book a demo to get one)
  • Cloud admin access to deploy Watson into your VPC
  • Admin access to one observability tool and Slack or Teams

The Six Steps

1. Create your Sherlocks workspace

5 minutes

Book a demo or request access at sherlocks.ai. After your account is provisioned, sign in and create a workspace for your organization. Invite your SRE, platform, and on-call teammates by email.

  • Have your cloud admin and observability tool admin on hand
  • Pick a workspace name that matches your company domain
  • Choose your default timezone for on-call schedules

2. Deploy Watson inside your VPC

10 minutes

Watson is the Sherlocks data collector. It runs inside your cloud account with strictly read-only IAM permissions. Deploy it using the Terraform module, Helm chart, or CloudFormation template from your Sherlocks dashboard.

  • Read-only access only. Watson cannot modify infrastructure
  • PII is redacted at the source before any data leaves your VPC
  • Supports AWS, Google Cloud, and Azure

3. Connect your integrations

5 to 10 minutes

From the dashboard, connect your observability, logging, cloud, and messaging tools. Each integration uses an API key or OAuth with read-only scopes. Most customers start with Datadog or Prometheus, GitHub, and Slack.

  • Observability: Datadog, Prometheus, New Relic, Sentry
  • Logs: Elasticsearch, Coralogix, Loki
  • Code and CI: GitHub, GitLab, Jenkins, GitHub Actions
  • Messaging: Slack or Microsoft Teams for agent replies

4. Route alerts to Sherlocks

5 minutes

Send alerts from PagerDuty, Opsgenie, or your monitoring tool into Sherlocks using a webhook. You can start in shadow mode so Sherlocks investigates without paging your team, then switch to live mode once you trust the output.

  • Copy the webhook URL from the Sherlocks alert settings page
  • Paste it into your PagerDuty, Opsgenie, or Datadog alert integration
  • Start in shadow mode to compare AI findings against your team's investigations

5. Review your first investigation

5 minutes

When the first alert fires, Sherlocks dispatches specialized agents that investigate the issue and post a root cause analysis to Slack or Teams. Review the timeline, evidence, and suggested next steps, then give thumbs up or thumbs down feedback to improve future investigations.

  • Each report includes a timeline, evidence chain, and recommendation
  • Click into any step to see the raw query or log line
  • Feedback trains Sherlocks on your environment's patterns

6. Invite your team and set schedules

5 minutes

Add your on-call rotations, configure notification preferences per severity, and set up daily reliability review channels. Sherlocks will summarize overnight incidents and post a daily digest so your team starts each morning with a clear picture of system health.

  • Set on-call schedules in the Sherlocks dashboard or sync from PagerDuty
  • Configure per-severity notification rules
  • Enable the daily reliability digest for your team channel

What to Expect After Setup

In the first week, Sherlocks builds context about your system. Investigation quality improves with each incident as agents learn your topology, dependencies, and common failure patterns.

  • Day 1: First investigations complete in 15 to 25 minutes
  • Week 1: Alert noise drops 40 to 60% as Sherlocks filters duplicates
  • Week 2: Institutional memory kicks in and repeat incidents resolve 3 to 5x faster
  • Month 1: MTTR typically drops 50 to 70% for teams using live mode

Frequently Asked Questions

Answers to the most common setup questions.

How do I get started with Sherlocks AI tools?

Book a demo on sherlocks.ai, deploy Watson inside your VPC using the provided Terraform or Helm template, connect your observability and messaging tools, and route your first alert. Most teams complete setup in under 30 minutes and see their first investigation within an hour.

How long does it take to set up Sherlocks AI?

A typical setup takes 20 to 40 minutes. The longest step is deploying Watson in your VPC, which usually takes about 10 minutes with Terraform or Helm. Connecting integrations and routing alerts takes another 10 to 20 minutes.

What access does Sherlocks need to my infrastructure?

Sherlocks only needs read-only access. Watson runs inside your VPC and uses read-only IAM roles for cloud providers, read-only API keys for observability tools, and read-only OAuth scopes for code repositories. Sherlocks cannot modify your infrastructure, databases, or applications.
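
Step 2 and the answer above both rest on the collector's IAM role being read-only, which you can check in the policy document before applying the Terraform, Helm, or CloudFormation template. The script below is an added example, not Sherlocks code: it covers AWS-style policy JSON only, the sample policy is constructed, and the list of read-only verb prefixes and sensitive reads is an assumption to adapt.

```python
import json
from fnmatch import fnmatchcase

# Verb prefixes treated as read-only (an assumption; extend for your services).
READ_PREFIXES = ("get", "list", "describe", "batchget", "lookup", "search", "filter")
# Read actions that still return secrets or stored data, so they deserve review.
SENSITIVE_READS = ("secretsmanager:getsecretvalue", "ssm:getparameter",
                   "ssm:getparameters", "ssm:getparametersbypath", "s3:getobject")

def as_list(value):
    # IAM allows a single string/object where a list is also accepted.
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (statement_index, action, reason) for each grant that is not plainly read-only."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot grant anything
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append((i, "NotAction", "NOT_ACTION"))
        for action in as_list(stmt.get("Action", [])):
            name = action.lower()  # IAM action names are case-insensitive
            verb = name.partition(":")[2]
            if name == "*" or verb == "*":
                findings.append((i, action, "WILDCARD"))
            elif not verb.startswith(READ_PREFIXES):
                findings.append((i, action, "NOT_READ_VERB"))
            elif any(fnmatchcase(s, name) for s in SENSITIVE_READS):
                # The granted pattern (for example Get*) covers a sensitive read.
                findings.append((i, action, "SENSITIVE_READ"))
    return findings

# Constructed sample policy, not the policy any real collector ships with.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*",
   "Action": ["cloudwatch:GetMetricData", "ec2:Describe*", "logs:FilterLogEvents"]},
  {"Effect": "Allow", "Resource": "*", "Action": "secretsmanager:Get*"},
  {"Effect": "Allow", "Resource": "*", "Action": ["ecs:UpdateService", "s3:*"]}
]}
""")

if __name__ == "__main__":
    for index, action, reason in audit_policy(SAMPLE_POLICY):
        print(f"statement {index}: {action} -> {reason}")
```

An empty result means every allowed action starts with a read verb and matches none of the listed sensitive reads; it does not evaluate resource scoping or conditions.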

Can I try Sherlocks without paging my on-call team?

Yes. Shadow mode lets Sherlocks investigate every alert without notifying anyone. You can compare the AI findings against how your team resolved the incident, then switch to live mode when you trust the output.

Which integrations do I need to install first?

Start with one observability tool (Datadog, Prometheus, or New Relic), one messaging platform (Slack or Microsoft Teams), and one code source (GitHub or GitLab). You can add more integrations as your team gets comfortable with the platform.

Does Sherlocks work with Kubernetes?

Yes. Sherlocks has a dedicated Kubernetes agent that analyzes pod health, deployments, resource limits, events, and HPA behavior. Watson can be deployed as a Helm chart into any Kubernetes cluster.