Skip to main content

Automatic trigger

When a critical alert arrives at your Obsy webhook endpoint, RCA starts automatically within seconds. You don’t need to do anything. The trigger threshold is configurable: by default, any alert with severity: critical triggers automatic RCA. Warning-severity alerts that have been firing for more than 15 minutes also qualify.

What happens step by step

  1. Alert received — Obsy receives the webhook payload from Datadog, Grafana, or New Relic.
  2. Alert normalized — The payload is parsed into Obsy’s common Alert entity (service, severity, signal type, labels).
  3. RCA queued — A background job is created for AI analysis.
  4. Context gathered — Obsy pulls recent deployments (from Change Intelligence), service dependencies (from the service catalog), and cluster events.
  5. AI analysis — The AI model evaluates the context and produces a structured report.
  6. Report stored — The RCA is saved and linked to the alert. If an incident was created, it’s linked there too.
  7. Notification sent — If Slack or email notifications are configured for incidents, a message with the RCA summary is included.

Viewing the result

From the Alerts list, open the alert and click View RCA in the alert detail panel. The RCA detail page shows all sections of the report. Alternatively, go to RCA in the sidebar to see all recent analyses sorted by time.

Re-running an RCA

If new context has become available (e.g. a deployment was identified after the initial analysis), you can re-run:
  1. Open the RCA detail page.
  2. Click Re-run analysis.
The new report replaces the previous one and is re-linked to the alert and incident.