Generative AI powered Root cause analysis

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read

    Summarized using AI. This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Generative AI powered Root cause analysis

    Generative AI powered Root Cause Analysis (RCA) in Instance Observer automates the identification and explanation of incident origins by analyzing telemetry signals such as Memory, Database, Transactions, Cache flush, and Sessions. It accelerates issue detection and enhances resolution accuracy by correlating anomalies, generating human-readable summaries, and recommending resolutions based on historical incident analysis. Note that generative AI summarization and recommendation features are unavailable in regulated markets, where only core Root Cause Correlation (RCC) is offered.


    Key Features

    • Root Cause Correlation (RCC): Automatically analyzes logs, metrics, and performance data to correlate anomalies and isolate root causes efficiently, reducing noise and manual effort.
    • LLM-based Root Cause Summary (RCS): Uses a large language model to generate concise, clear summaries of correlated telemetry data, providing insights into the likely root cause and impacted components.
    • LLM-based Root Cause Recommendation (RCR): Provides AI-driven resolution suggestions by referencing similar past incidents and successful case tasks, delivering personalized guidance tailored to the customer’s instance and service.

    Benefits for ServiceNow Customers

    • Reduced Mean Time To Detect (MTTD) and Mean Time To Repair (MTTR): Faster signal grouping, correlation, and summarization help teams detect and remediate issues more quickly.
    • Actionable, Human-readable Summaries: Clear insights allow for quicker understanding and decision-making.
    • Recommended Resolutions with Case Task Linking: Direct references to proven fixes save time and promote knowledge reuse, reducing trial-and-error in incident response.
    • Human-in-loop Validation: Recommendations are advisory; operators validate and apply fixes according to standard operating procedures, ensuring control and compliance.

    Additional Practical Information

    • RCA is a deterministic model and may not generate reports for every alert or scenario; manual analysis remains an option when data is insufficient.
    • RCC analyzes recent 24-hour data from production instances to correlate root causes automatically.
    • ServiceNow customers can configure RCC alerts to receive RCA reports and use the RCA History page to review past alerts and performance degradations for deeper investigation.

    Root cause analysis in Instance Observer provides automated detection and summarization of issues. It includes built-in root cause correlation and a root cause summary generated by a large language model (LLM), which help reduce troubleshooting time and improve incident transparency. It also includes a generative AI driven root cause recommendation, produced by analyzing similar historical incidents.

    Important:
    The Generative AI-powered summarization and recommendation components aren’t available to users in the regulated market. However, the core Root cause correlation (RCC) functionality is being offered under the revised name of Root Cause Analysis (RCA) to promote product consistency and alignment across all markets.

    Overview of Root Cause Analysis (RCA)

    RCA automatically identifies and explains the origin of incidents by analyzing multiple telemetry signals. The signals analyzed relate to Memory, Database, Transactions, Cache flush, and Sessions. This analysis enables teams to detect issues faster and resolve them more accurately by correlating relevant anomalies and generating human-readable summaries and recommended resolutions.

    Benefits of RCA

    • Reduced Mean Time To Detect (MTTD) or Mean Time To Repair (MTTR) through quick signal grouping and summarization.
    • Actionable summaries for faster remediation or automation.
    • Recommended resolutions by analyzing similar historical incidents.

    For more information, see Instance Observer performance insights.

    Root Cause Correlation (RCC)

    The RCC feature analyzes logs, metrics, and performance data to automatically identify relationships and dependencies between anomalies. By correlating signals across different performance metrics, it helps you quickly isolate the origin of an issue with minimal manual effort. This correlation eliminates noise and narrows down the likely root cause from a sea of signals.

    LLM-based Root Cause Summary (RCS)

    As soon as correlated data are identified, an LLM is invoked to generate a concise, human-readable summary. The LLM processes both structured and unstructured telemetry data to provide clear insights into the likely root cause and affected components.

    The transaction with ID XXXXXX for URL/sys_XXX.do has exceeded the maximum execution time, resulting in a cancellation. The total time taken for this transaction was 0:04:59.044, with processing time of 0:04:59.041 and CPU time of 0:00:07.775. The transaction was initiated by user XXXX. The SQL time was 0:00:50.154, with 4,836 queries executed.

    Total processing time of 1095 secs for URL sys_XXX.do. EXCESSIVE processing time of 0:02:37.194 for ListRecordDefaultTag. Slow silent evaluate for: __ref__.canRead() took 0:00:02.475. A large amount of data has been streamed: 1,048,578 bytes by StreamingBytesSizeHandler. Total processing time of 1095 secs for URL sys_XXX.do.

    LLM-based Root Cause Recommendation (RCR)

    Instance Observer provides AI-powered recommended resolutions by analyzing similar historical incidents for the same instance. The system references case tasks that successfully resolved comparable issues in the past and suggests them as the most likely remediation steps.

    LLM-based RCR also provides:

    • Personalized guidance: Recommendations are tailored to the instance and service based on past resolution history.
    • Case task linking: Direct reference to earlier case tasks ensures that you can review proven fixes rather than starting from scratch.
    • Human-in-loop validation: Recommendations are advisory in nature; operators must validate and apply them according to their standard operating procedures (SOPs).

    This component reduces trial-and-error in incident response and ensures knowledge reuse across recurring patterns.

    Review the query SELECT fcr.u_XXXX_approval_status AS fcr_u_w7e_XXX_status, taskslatable.time_left and optimize it by adding indexes or rewriting it for better performance, similar to the solution proposed in Incident ID CSXXXXXX, where indexes were suggested to be added to the tables to improve query performance.

    Note:
    RCA is a deterministic model. Therefore, you may not see an RCA report for every alert, or Critical or Warning performance scenario. In cases where the model doesn’t have sufficient or relevant data to generate a result, you can continue to rely on traditional manual analysis.