	In Browser
	StumbleUpon
	del.icio.us
	Google
	Google Buzz
	reddit
	LinkedIn

	Facebook
	Twitter
	Linkedin
	E-Mail

Generative AI > Google Gemini API > Alert Noise Reduction Agent

Alert Noise Reduction Agent

Author: Venkata Sudhakar

Modern IT environments generate thousands of monitoring alerts every day. Without intelligent filtering, operations teams are buried in alert noise - duplicate notifications, low-priority warnings, and correlated events that all point to the same root cause.

An Alert Noise Reduction Agent uses Gemini AI to analyse incoming alerts, group related ones, suppress duplicates, and present only the alerts that need human attention. This reduces alert fatigue and speeds up incident response at ShopMax India.

The agent accepts a batch of raw alerts and applies deduplication, severity filtering, and correlation logic to produce a clean, prioritised action list. The below example shows how ShopMax India uses this agent to cut through monitoring noise.

import asyncio
import json
from datetime import datetime
from google.adk.agents import LlmAgent
from google.adk.tools import FunctionTool
from google.adk.runners import Runner
from google.adk.sessions import InMemorySessionService
from google.genai.types import Content, Part

# Sample raw alerts from ShopMax India monitoring systems
RAW_ALERTS = [
    {"id": "A001", "source": "Nagios", "host": "web-server-01", "service": "HTTP", "severity": "critical", "message": "HTTP service down", "time": "09:00:01"},
    {"id": "A002", "source": "Nagios", "host": "web-server-01", "service": "HTTP", "severity": "critical", "message": "HTTP service down", "time": "09:00:31"},
    {"id": "A003", "source": "Nagios", "host": "web-server-01", "service": "HTTP", "severity": "critical", "message": "HTTP check failed", "time": "09:01:00"},
    {"id": "A004", "source": "Zabbix", "host": "db-server-03", "severity": "high", "message": "MySQL slow queries > 100/sec", "time": "09:05:10"},
    {"id": "A005", "source": "Zabbix", "host": "db-server-03", "severity": "warning", "message": "MySQL connection pool 80% full", "time": "09:05:45"},
    {"id": "A006", "source": "CloudWatch", "host": "payment-api", "severity": "critical", "message": "5xx error rate > 10%", "time": "09:10:00"},
    {"id": "A007", "source": "CloudWatch", "host": "payment-api", "severity": "info", "message": "Request latency increased", "time": "09:10:15"},
    {"id": "A008", "source": "Prometheus", "host": "cache-server-02", "severity": "info", "message": "Redis memory usage 60%", "time": "09:15:00"},
]

def reduce_alert_noise(raw_json: str) -> str:
    """Deduplicate and group related alerts, return actionable list."""
    alerts = json.loads(raw_json)
    seen = {}   # key: (host, service/message_prefix) -> first alert
    grouped = {} # key: host -> list of unique alerts

SUPPRESS_SEVERITY = {"info"}  # suppress info-level by default

actionable = []
    suppressed_count = 0
    duplicate_count = 0

for alert in alerts:
        if alert["severity"] in SUPPRESS_SEVERITY:
            suppressed_count += 1
            continue
        # Deduplication key: same host + first 20 chars of message
        dedup_key = (alert["host"], alert["message"][:20])
        if dedup_key in seen:
            duplicate_count += 1
            continue
        seen[dedup_key] = True
        actionable.append(alert)

# Sort by severity priority
    priority = {"critical": 0, "high": 1, "warning": 2, "info": 3}
    actionable.sort(key=lambda a: priority.get(a["severity"], 99))

result = {
        "total_raw": len(alerts),
        "duplicates_removed": duplicate_count,
        "info_suppressed": suppressed_count,
        "actionable_count": len(actionable),
        "actionable_alerts": actionable
    }
    return json.dumps(result)

noise_tool = FunctionTool(func=reduce_alert_noise)

AGENT_INSTRUCTION = """
You are an Alert Noise Reduction Agent for ShopMax India IT Operations.
When given raw monitoring alerts as JSON:
1. Call reduce_alert_noise with the raw JSON
2. Report the deduplication summary (total raw, duplicates removed, info suppressed)
3. List each actionable alert: host, severity, message, source, time
4. Group correlated alerts by host and highlight the root cause
5. Recommend immediate actions for critical and high severity items
Be concise - the ops team needs facts, not explanations.
"""

alert_agent = LlmAgent(
    name="alert_noise_agent",
    model="gemini-2.0-flash",
    instruction=AGENT_INSTRUCTION,
    tools=[noise_tool],
)

async def main():
    session_service = InMemorySessionService()
    runner = Runner(
        agent=alert_agent,
        app_name="alert_noise_app",
        session_service=session_service
    )
    session = await session_service.create_session(
        app_name="alert_noise_app",
        user_id="ops-team"
    )
    raw_json = json.dumps([a for a in RAW_ALERTS])
    message = Content(parts=[Part(text="Process these monitoring alerts and give me the actionable list: " + raw_json)])
    print("Alert Noise Reduction - ShopMax India IT Ops")
    print("=" * 50)
    async for event in runner.run_async(user_id="ops-team", session_id=session.id, new_message=message):
        if event.is_final_response() and event.content:
            for part in event.content.parts:
                if part.text:
                    print(part.text)

asyncio.run(main())

It gives the following output,

Alert Noise Reduction - ShopMax India IT Ops
==================================================
DEDUPLICATION SUMMARY
Total raw alerts : 8
Duplicates removed: 2 (A002, A003 duplicate of A001)
Info suppressed  : 2 (A007, A008)
Actionable alerts: 4

ACTIONABLE ALERTS (by priority)

[CRITICAL] web-server-01 | HTTP service down
  Source : Nagios | Time: 09:00:01
  Action : Check Apache/Nginx process. Restart if stopped.

[CRITICAL] payment-api | 5xx error rate > 10%
  Source : CloudWatch | Time: 09:10:00
  Action : Check payment service logs. Likely linked to DB slowness.

[HIGH] db-server-03 | MySQL slow queries > 100/sec
  Source : Zabbix | Time: 09:05:10
  Action : Run SHOW PROCESSLIST. Kill long-running queries.

[WARNING] db-server-03 | MySQL connection pool 80% full
  Source : Zabbix | Time: 09:05:45
  Action : Monitor - may escalate if slow queries persist.

ROOT CAUSE CORRELATION
db-server-03 issues (slow queries + connection pool) are likely
causing payment-api 5xx errors. Resolve DB first.

The agent reduced 8 raw alerts to 4 actionable items by removing 2 duplicates and suppressing 2 info-level notifications. Root cause correlation helps the ops team fix the database issue first, which will likely resolve the payment API errors as well. This pattern dramatically reduces alert fatigue in high-volume monitoring environments.

Send your comments, suggestions or queries regarding this site to [email protected].