AI Summary processor — automatically invokes an AI model to analyze alert events and writes the summary back into the event.
Feature Overview
The AI Summary event processor is an intelligent alert analysis tool. It can:
- Automatically invoke an AI model (ChatGPT, Claude, etc.) to analyze alert events
- Generate easy-to-read alert summaries and recommendations
- Write the AI analysis result back into the alert event
- Help operations staff quickly understand the alert content and impact scope
Use Cases
When to use
- Complex alert analysis: when alert details are complex and require expert interpretation
- Junior operators: helping newcomers quickly understand alert meaning
- Batch alert handling: auto-generating standardized alert explanations
- Troubleshooting: getting AI-assisted root-cause analysis and suggestions
Example
Original alert: CPU utilization exceeded 85%, server load too high
AI summary: Server performance anomaly detected. Sustained high CPU usage may lead to:
1. Slower application response
2. Degraded user experience
3. Possible service outage
Suggestion: investigate CPU-heavy processes and consider scaling out.
Steps
Step 1: Obtain AI service credentials
- Sign up with an AI provider (OpenAI, DeepSeek, etc.)
- Get the API key
- Confirm the API endpoint
Step 2: Configure the processor
- Enter the API URL and key
- Select a suitable AI model
- Write the prompt template
- Set custom parameters (optional)
Step 3: Test and validate
- Click “Test” to validate the configuration
- Check whether the AI response matches expectations
- Tune the prompt to optimize results
Step 4: Enable
- Save the configuration and enable the processor
- The AI summary content is added to the alert event. Reference it inside a message template using
{{$event.AnnotationsJSON.ai_summary}}
Tips
Prompt-writing suggestions
- Clear goal: explicitly state what the AI should do
- Limit length: specify a maximum word count to avoid overly long output
- Specify language: explicitly require Chinese or English output
- Structured output: ask for a formatted answer (e.g. bullet points)
Parameter tuning
- temperature: 0.3–0.7 works for analytical tasks
- max_tokens: control output length, recommended 200–500
- top_p: around 0.9 keeps the content relevant
FAQ
Q1: I configured AI Summary correctly, but the AI content does not appear in notifications. Why?
A: Check in this order:
- Does the message template reference
{{$event.AnnotationsJSON.ai_summary}}— the processor only writes the result into annotations; you still need to explicitly reference it in the template for it to show up in notifications; - Did the AI call succeed — check the stderr / response of that node in the Execution Records;
- Timeout too short — AI inference is slow, recommend 30–60 seconds;
- API key / URL valid? — verify via “Test Connection” in LLM Management.
Q2: Can I reuse a model already configured in LLM Management instead of re-entering the API key here?
A: We recommend using LLM Management for centralized management to avoid scattering keys. In the processor, choose “Use platform default LLM” or pick a specific LLM configuration. Filling the API URL + key directly inside the processor is fine for one-off ad-hoc usage but is expensive to maintain.
Q3: How much latency does AI Summary add? How can I reduce it?
A: Typically 3–15 seconds. Ways to reduce latency:
- Choose a lightweight model (e.g.
gpt-4o-mini,deepseek-chat); avoid Reasoning / Thinking models; - Disable thinking mode — see LLM Management;
- Cap
max_tokensat 200–300 (enough for an alert summary); - Place the AI Summary processor after the critical notification node (non-blocking) so it does not delay notification delivery.
Q4: Can the AI directly produce “recommended remediation commands”?
A: Yes — explicitly write in the prompt: “Please output 1–3 commands that can be executed immediately for troubleshooting.” But beware:
- AI-generated commands are for reference only and may not fit your specific environment;
- Do not feed the AI output directly into a self-healing script — too risky.
