Incident Note Template
A compact operator note format for capturing symptoms, checks, decisions, and follow-up while the issue is fresh.
Good For
- support handoff
- post-incident review
- change notes
- repeat troubleshooting
How to Use It
- Symptom: What broke, who saw it, and when it started.
- Scope: Affected users, systems, sites, services, and networks.
- Checks: Commands, logs, dashboards, and observations with timestamps.
- Action: What changed, who approved it, and what risk it carried.
- Validation: How you proved the issue was fixed or contained.
- Follow-up: Any cleanup, monitoring, documentation, or prevention work.
Execution Modes
- local
Inputs and Outputs
Inputs
- symptom
- scope
- timeline
- checks
- actions
- validation
Outputs
- operator-notes
- template
- log-file
Command Starter
Example pattern only. Adjust for your environment before running.
## Incident Note **Start time:** **Reported by:** **Primary symptom:** **Business impact:** ### Scope - Users affected: - Systems affected: - Sites or network segments affected: ### Checks performed | Time | Check | Result | Evidence link or note | |---|---|---|---| | | | | | ### Actions taken | Time | Action | Approval or risk note | |---|---|---| | | | | ### Validation - What proved recovery or containment: - What remains unverified: ### Follow-up | Task | Owner | Due date | |---|---|---| | | | |
Validation
- Another operator can understand the timeline without asking for context.
- The note separates observations from guesses.
- Follow-up tasks are specific and assigned.
Reporting
- Copy the template directly into an incident ticket, chat handoff, or post-incident worksheet.
- Keep evidence links and timestamps close to the check/action rows so another operator can reconstruct the timeline.
- Promote repeated use into an incident operations notes and handoff template pack.
Safety Notes
- Separate observations from assumptions.
- Avoid including secrets or sensitive customer data in reusable templates.