Root Cause Analysis
Automatic Root Cause Analysis — From Alert to Diagnosis in Seconds
Most monitoring tools tell you something is broken. Sitewatch tells you why. Every incident is automatically classified into a cause family with a confidence score and grounded evidence — so you skip the investigation and go straight to fixing.
- 10 cause families covering infrastructure, application, and content delivery
- Confidence scoring so you know how certain the diagnosis is
- Evidence-grounded — every classification is backed by check data
Why root cause analysis
Stop guessing. Start diagnosing.
10 cause families
Every incident is classified into a specific cause family — from DNS resolution failures to deployment artifact issues. No ambiguity.
Confidence scoring
Each diagnosis includes a confidence percentage based on evidence strength. High confidence means act now; lower confidence means investigate the top candidates.
Evidence-grounded
Classifications are backed by actual check data — HTTP status codes, MIME types, response headers, and timing. Not guesswork.
Zero configuration
Root cause analysis works out of the box. No rules to configure, no patterns to define. Sitewatch classifies automatically based on check evidence.
What gets classified
10 cause families across three categories
Infrastructure
- DNS resolution failure — domain not resolving or pointing to wrong IP
- Origin server error — 5xx responses from your hosting provider
- SSL/TLS certificate issue — expired, misconfigured, or mismatched certificates
- Network connectivity — timeouts, connection refused, or routing issues
Application
- Deployment artifact missing — JS/CSS bundles deleted or not built
- Application error — framework-level crashes or runtime exceptions
- Configuration drift — environment variables, feature flags, or routing misconfigured
Content delivery
- CDN cache misconfiguration — stale content, wrong MIME types, or edge errors
- Third-party dependency failure — external scripts or APIs returning errors
- Redirect misconfiguration — loops, chains, or incorrect destinations
- 10 root cause families
- 23 tech stacks detected
- 90% maximum confidence score
The difference
Generic alerts vs. root cause diagnosis
| Feature | Generic monitoring alerts | Sitewatch root cause analysis |
|---|---|---|
| Alert content | "Site is down" or "check failed" | Specific cause family with evidence |
| Investigation time | 15-60 minutes of manual debugging | Seconds — diagnosis is automatic |
| Fix guidance | None — figure it out yourself | Stack-aware fix playbooks |
| Confidence level | Unknown — is it real? | Confidence score with each diagnosis |
| Configuration | Rules and thresholds to maintain | Zero config — works out of the box |
FAQ
Frequently asked questions
When Sitewatch detects an incident, it analyzes the check evidence — HTTP status codes, response headers, MIME types, timing data, and asset fingerprints — to classify the most likely root cause. The classification is matched against known cause patterns across 10 families.
Cause families are categories of root causes grouped by domain: infrastructure (DNS, origin server, SSL, network), application (deployment artifacts, app errors, config drift), and content delivery (CDN cache, third-party dependencies, redirects). Each incident is classified into the most likely family.
Confidence scores range from low up to a maximum of 90%. The score reflects how strongly the check evidence matches a known cause pattern. High-confidence diagnoses (70%+) are very reliable. Lower scores indicate multiple possible causes — Sitewatch ranks them so you can investigate the most likely first.
No. Root cause analysis works automatically based on check evidence. There are no rules to set up, no patterns to define, and no training period. It starts classifying from your first incident.
Yes. Every root cause classification links back to the specific check data that informed it — including HTTP status codes, response headers, MIME type mismatches, and timing information. The evidence is included in incident reports and Slack/email alerts.