Alert Tools

The assistant can create, query, and manage alerts based on investigation findings.

The alert tools let the assistant notify your team about problems it discovers during investigations. Alerts are created with structured details, delivered through your configured channels, and can be linked to status page components for automatic incident tracking.

Available tools

The assistant has access to four alert-related tools:

Tool                  Purpose
trigger_alert         Create a new alert with structured details
list_alerts           List recent alerts for the current project
search_alerts         Search alerts by name, status, or severity
update_alert_status   Resolve or update an existing alert

Creating alerts

When the assistant finds a significant issue during an investigation, it can trigger an alert using the trigger_alert tool. Each alert includes three required sections that provide actionable context:

  • What happened: A summary of the problem and its user-facing impact
  • Why it happened: The root cause or best current hypothesis
  • How to fix: The recommended next step for remediation

"We're seeing a spike in 500 errors on the checkout API. Can you
investigate and alert the team if it's serious?"

The assistant will search logs, analyze patterns, and if it finds a problem worth alerting, create an alert with structured details:

{
  "whatHappened": "Elevated 500 errors on /api/checkout endpoint...",
  "whyItHappened": "Database connection pool exhaustion due to...",
  "howToFix": "Restart the checkout service pods to clear stale connections..."
}

Alert naming

Alerts have a stable name used for deduplication and search. The assistant generates this from the whatHappened summary, excluding volatile details like timestamps, counts, or request IDs. You can search for alerts by name using the search_alerts tool.

Muted alerts

If an alert with the same name is currently muted, the assistant will not create a new alert. Instead, it increments a mute hit counter so you can track how often the condition is occurring. Muted alerts can be unmuted from the Sazabi dashboard or Slack.
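
The naming and mute rules above can be modelled in a few lines. This is an added illustration, not Sazabi's code: the normalisation regexes, `stable_name`, `AlertStore`, and the sample summaries are assumptions constructed for the example.

```python
import re

# Assumed normalisation rules; Sazabi does not publish how names are derived.
_VOLATILE = [
    re.compile(r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}(?::\d{2})?(?:\.\d+)?Z?"),  # timestamps
    re.compile(r"\b[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\b", re.I),    # UUID request IDs
    re.compile(r"\breq[_-][0-9a-z]+\b", re.I),                               # req_... style IDs
    # Counts and percentages, but keep HTTP 4xx/5xx codes such as "500 errors":
    # the status code is part of the alert's identity, not a volatile count.
    re.compile(r"\b(?![45]\d\d\s+(?:errors?|responses?)\b)\d[\d,.]*%?"),
]

def stable_name(what_happened: str) -> str:
    """Reduce a whatHappened summary to a name that survives re-occurrence."""
    text = what_happened
    for pattern in _VOLATILE:
        text = pattern.sub(" ", text)
    return re.sub(r"[^a-z0-9]+", "-", text.lower()).strip("-")

class AlertStore:
    """Hypothetical in-memory model of the dedup and mute rules."""
    def __init__(self):
        self.open = {}       # name -> alert payload
        self.mute_hits = {}  # muted name -> hit counter

    def mute(self, name: str) -> None:
        self.mute_hits.setdefault(name, 0)

    def trigger(self, what: str, why: str, fix: str) -> str:
        name = stable_name(what)
        if name in self.mute_hits:   # muted: count the hit, create nothing
            self.mute_hits[name] += 1
            return "muted"
        if name in self.open:        # an open alert already covers this
            return "duplicate"
        self.open[name] = {"whatHappened": what, "whyItHappened": why, "howToFix": fix}
        return "created"

# Constructed sample summaries: same condition, different volatile details.
FIRST = "Elevated 500 errors on /api/checkout: 1,284 failures since 2025-01-14T09:32:10Z (req_8f3a2c)"
AGAIN = "Elevated 500 errors on /api/checkout: 97 failures since 2025-01-15 18:02 (req_11b0de)"

def demo():
    store = AlertStore()
    results = [store.trigger(FIRST, "pool exhaustion", "restart pods"),
               store.trigger(AGAIN, "pool exhaustion", "restart pods")]
    store.mute(stable_name(FIRST))
    results.append(store.trigger(AGAIN, "pool exhaustion", "restart pods"))
    return results, store.mute_hits

if __name__ == "__main__":
    print(stable_name(FIRST), *demo())
```

A name that drifts with counts or timestamps would defeat both deduplication and muting, so a muted condition would page again on every recurrence; the mute hit counter is what keeps a silenced condition visible.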

Severity levels

Alerts have four severity levels that affect prioritization and display:

Severity   When to use
low        Minor issues with no immediate user impact
medium     Issues affecting some users or degrading performance (default)
high       Significant problems affecting many users
critical   Complete failures or security incidents requiring immediate response

The assistant selects severity based on its assessment of user impact. You can influence this by describing the urgency in your request:

"This is critical infrastructure, create a high-severity alert if there's
an issue."

Querying alerts

The assistant can search your project's alert history to provide context during investigations.

Listing recent alerts

For broad lookups, the assistant uses list_alerts:

"Show me recent alerts"
"What alerts are currently open?"
"List resolved alerts from this week"

Searching with filters

For specific queries, the assistant uses search_alerts with filters:

"Search for alerts mentioning payment service"
"Show me all critical alerts"
"Find open alerts with high severity"

Search supports filtering by:

  • Name: Partial, case-insensitive match on alert name
  • Status: open or resolved
  • Severity: low, medium, high, or critical

Using alert context

When you ask about ongoing issues, the assistant can query alerts to understand what has already been identified:

"Is there already an alert for the authentication errors I'm seeing?"

The assistant will search for related alerts and avoid creating duplicates if an open alert already covers the same issue.

Resolving alerts

When a problem is fixed, the assistant can resolve the alert using update_alert_status:

"The checkout service is healthy now, resolve that alert"
"Mark the authentication alert as resolved, we deployed a fix"

Resolved alerts:

  • Cannot be reopened (resolution is terminal)
  • Trigger a status update notification to Slack
  • Auto-resolve any linked status page issues

The assistant can include a resolution note that appears in the Slack notification:

{
  "alertId": "...",
  "status": "resolved",
  "note": "Fixed by deploying checkout-service v2.3.1"
}

Alert delivery

When an alert is created or updated, Sazabi delivers notifications through your configured channels.

Slack notifications

If your organization has the Slack integration connected with an alerts channel configured, alerts are delivered as rich messages including:

  • Alert name and severity indicator
  • Impact, root cause, and recommended action sections
  • View in Sazabi button linking to the alert thread
  • Mute and Resolve action buttons
  • Feedback buttons for training the AI

Status updates (like resolution) are posted as threaded replies to the original alert message.

Configure your alerts channel in Settings then Integrations then Slack after connecting the Slack integration.

Linking to status pages

Alerts can be linked to status page components for automatic incident tracking. When you ask the assistant to create an alert for a specific service, it can look up the corresponding status component and include it:

"Create a high-severity alert for the payment gateway and update the
status page"

When an alert is linked to a component:

  1. A status issue is automatically created for that component
  2. The component status changes based on alert severity
  3. The issue is auto-resolved when the alert is resolved

Severity to status mapping

Alert Severity     Component Status
low or medium      Degraded (yellow)
high or critical   Outage (red)

The assistant will only link alerts to status components that exist in the current project. Ask the assistant to list available components if you are unsure what is configured.

Investigation threads

Each alert has an associated thread where you can continue investigating. When you click View in Sazabi from a Slack notification, you land in the alert's thread with full context.

If the alert was triggered during a conversation, it links back to the source thread. This lets you trace from an alert notification to the original investigation that discovered the problem.

Example workflow

  1. Ask the assistant to investigate: Start with a question about a problem you are seeing or want checked.
  2. Assistant searches and analyzes: The assistant queries logs, identifies patterns, and determines the root cause and severity of the issue.
  3. Alert created and delivered: If the problem warrants notification, the assistant creates an alert with structured details and it is delivered to Slack.
  4. Team responds via Slack or dashboard: Team members can mute, resolve, or click through to continue the investigation in Sazabi.