Jira Service Management is getting a new navigation

We’re in the process of rolling out these changes and the documentation may not match your experience. Bear with us while we update it to reflect the new changes. More about navigating the new Jira

Group alerts using Rovo

AI is available and automatically activated for all apps on Standard, Premium, and Enterprise plans. Organization admins can manage AI preferences from Apps > AI settings > AI-enabled apps in Atlassian Administration.

AI is not available in Atlassian Government organizations.

 

Alert grouping by Rovo uses both Atlassian’s machine learning and generative AI to group related and similar alerts and to offer insightful suggestions. This helps on-call team members manage alerts more efficiently by grouping similar alerts, reducing noise, and enabling faster incident response.

Alert grouping is a key AIOps feature that:

  • groups similar alerts to prevent alert fatigue and lower cognitive load

  • summarizes related alerts, showing counts, tags, and other key details

  • identifies patterns so you can escalate related alerts to incidents quickly

Make sure you meet these criteria to use alert grouping:

  • You're using the alerting feature that's natively available in Jira Service Management.

  • Your Jira Service Management instance isn't BYOK-encrypted.

To view grouped alerts:

  1. Activate Rovo if you haven’t done so already.
    You must be an organization admin to activate Rovo for Jira Service Management.

  2. Go to the Alerts list from either Your Work or your team’s Operations.

Each alert has a "Tiny ID," and each alert group generated by Rovo has a unique "Group ID."
For more details, see Navigate the alerts list.

Content is based on your permissions, and its quality may vary. Learn why

Bulk actions for alerts and groups

You can escalate alerts or alert groups to incidents by selecting them in the list view and choosing Create incident or Link incident. For more information, see Create incidents from alerts.

  • Select individual alerts or groups and choose Create incident.

  • Select individual alerts or groups and choose Link incident.

Individual alerts and alerts in a group that you don’t have permission to view aren’t included in bulk actions.

View group details

To view details for a group of alerts:

  1. From the alert list view, select a group. The Alerts tab opens by default.

  2. Optionally, assign a team member as the group assignee.

Alert list view showing individual alerts and alert groups

The group detail view includes:

 


Title

Rovo-generated, based on the alerts in the group.

 

Ack all / Close all / Snooze all / Delete all

Perform these actions on all alerts in the group.

The Alerts tab

 

 

Alert count

Number of alerts in the group (only those you have permission to view).

 

Priority

Derived by Rovo from the alerts in the group.

Created

Time at which the group was created.

Last updated

Time at which the group was last updated.

Grouped by

Semantic similarity or tags, which means Rovo has added incoming alerts to this group because they’re about the same topic and/or have similar content, or tags contained in them.

Grouping stage

Current stage of grouping which can be either Grouping now or Grouping ended.

Assignee

Owner of the group.

Alert responders

Responders on individual alerts in the group.

The Details tab

 

 

 

Description

A Rovo-generated summary of the group based on the alerts that are part of it. Select Refresh to update to update the description as more similar alerts get added to the group.

Tags

Tags from the alerts in the group.

Linked incidents

Any incidents linked to the group.

Actions

All actions available in the alert list view are also available in the group detail view. You can perform bulk actions (acknowledge, close, create incident, link incident, remove from group) on multiple alerts within a group.

Suggestions by Rovo

Based on the alert groups created, Rovo makes insightful suggestions in terms of past responders, and past alert groups, to help the on-call teams to respond faster.

Create an incident

To create an incident from the alerts in a group:

  1. Select the relevant alerts in a group.

  2. Select Create incident. You can also do this from the What more can you do? panel on the right.
    The Create issue dialog comes up. Rovo suggests a title, a description, and a priority for the incident you’re creating.

  3. Edit any Rovo-suggested value in the form as necessary. Also, use the thumbs-up or thumbs-down icon to let us know if they make sense or not.

  4. Select Create.

Reach out to past responders

To help you quickly identify who might be best equipped to deal with a specific issue, Rovo suggests responders who have dealt with similar alerts before. This way, you can save time finding the right person and potentially resolve the issue more efficiently.

Check the history of similar alert groups

Rovo also suggests similar alert groups from the past based on their semantic similarity with the current one or tags used, to help you identify patterns or recurring issues over time. By comparing the current alert group with past ones, you can find out if a similar situation occurred before and understand how it was handled. This can improve your decision-making process and potentially lead to more efficient problem-solving.

Alert groups and data residency moves

If you decide to move your product data from one data residency location to another, any alert groups you previously had will be permanently deleted. This is because we currently don’t support moving group-related data. In the new location, however, Rovo will start creating groups from scratch.

Feedback

Use the thumbs up 👍 or thumbs down 👎 icons on any Rovo-generated input to provide feedback. For example, if an alert is grouped incorrectly, select the thumbs-down icon and share details.

For more information about Rovo and AI, visit our Trust Center or any of the following links:

Frequently asked questions

What goes into alert grouping?

Efficient alert grouping is essential for reducing noise and helping teams focus on what matters most during incident triage. Over time, our approach to grouping alerts has evolved to become more intelligent and context-aware, ensuring that related alerts are handled together and teams aren’t overwhelmed by redundant notifications.

Our current model groups alerts based on semantic similarity in their titles, descriptions, and tags, which means it identifies similarities in the language and structure of the alert content.

Example scenario

Suppose your monitoring system generates these alerts:

Alert 1

  • Title: Deployment 1 failed for Service A at 13:44 UTC

  • Description: Healthcheck failed for deployment 1. View runbook

Alert 2

  • Title: Deployment 2 failed for Service A at 14:19 UTC

  • Description: Healthcheck failed for deployment 2. View runbook

These alerts are from the same service and share a similar structure and wording and hence will be grouped.

To give you a picture of how grouping happens at a greater level of detail:

Alert content

Example

Alerts grouped?

Titles: Different

Tags: Same or different

Descriptions: Same or different

Alert 1

Title: Database connection timeout on Service A
Tags: service-a, severity:critical
Description: The application failed to connect to the database at 10:15am UTC. View runbook

Alert 2

Title: High memory usage detected on Service A
Tags: service-a, severity:critical
Description: The application failed to connect to the database at 10:15am UTC. View runbook

NO

Titles: Similar

Tags: Same

Descriptions: Highly similar

Alert 1

Title: Deployment 1 failed for Service A at 02:49pm IST
Tags: service-a, severity:critical
Description: Sent alert on high volume of 5xx from deployment 1. View runbook

Alert 2

Title: Deployment 2 failed for Service A at 05:19pm IST
Tags: service-a, severity:critical
Description: Sent alert on high volume of 5xx from deployment 2. View runbook

YES

Titles: Similar

Tags: Same

Descriptions: Same

Alert 1
Title: Deployment 1 failed for Service A at 02:49pm IST
Tags: service-a, severity:critical
Description: Sent alert on high volume of 5xx from deployment 1. View runbook

Alert 2
Title: Deployment 1 failed for Service A at 11:04am IST
Tags: service-a, severity:critical
Description: Sent alert on high volume of 5xx from deployment 1. View runbook

YES

Titles: Similar

Tags: Same

Descriptions: Same

Alert 1
Title: Deployment 1 failed for Service A at 02:49pm IST
Tags: service-a, severity:critical
Description: Sent alert on high volume of 5xx from deployment 1. View runbook

Alert 2
Title: Deployment 1 failed for Service A at 11:04am IST
Tags: service-a, severity:critical
Description: Sent alert on high volume of 5xx from deployment 1. View runbook

YES

Titles: Same

Tags: Same

Descriptions: Different

Alert 1
Title: Deployment 1 failed for Service A at 02:49pm IST
Tags: service-a, severity:critical
Description: Sent alert on high volume of 5xx from deployment 1. View runbook

Alert 2
Title: Deployment 1 failed for Service A at 02:49pm IST
Tags: service-a, severity:critical
Description: Deployment 1 failed due to missing environment variable. View runbook

NO

Titles: Same

Tags: Different

Descriptions: Same

 

Alert 1
Title: Deployment 1 failed for Service A at 02:49pm IST
Tags: service-a, severity:critical
Description: Sent alert on high volume of 5xx from deployment 1. View runbook

Alert 2
Title: Deployment 1 failed for Service A at 02:49pm IST
Tags: service-a, severity:warning
Description: Sent alert on high volume of 5xx from deployment 1. View runbook

NO

The model recognizes the semantic similarity and groups them together, making it easier for your team to review and act on related alerts as a set.

This allows you to:

  • see all related issues in one place

  • avoid duplicate effort and unnecessary distractions

  • take action on the group, such as acknowledging or escalating it, rather than handling each alert individually

Alert grouping continues to evolve, with ongoing improvements to make it even more precise and customizable for your team’s needs.

When will I start seeing grouped alerts on my site?

If your site has a significant alert volume over the past 90 days and Rovo detects similar patterns amongst them, you can expect grouping to begin within 4 hours to a day. However, if you're relatively new to the operations space and haven’t had many alerts in the past 90 days, grouping may not start immediately. This is because Rovo needs to identify similar patterns before it can group alerts. After about 15 days, it undergoes retraining and will begin to recognize patterns, leading to alert grouping.

While there's no specific minimum number of alerts required for grouping to start, Rovo needs consistent patterns to even start grouping. This means an alert should have occurred at least 4 times in the last 90 days for it to be considered for grouping. However, if your alerts are infrequent or seasonal, they might not form groups even after Rovo undergoes training again.

How is Atlassian protecting my data?

This particular Rovo feature uses both Atlassian’s machine learning in addition to generative AI. Our machine learning model is individually trained for each customer, to better identify and enhance the grouping of similar alerts within your instance. The training is customer-specific - your data isn’t used to train a model for other customers, or shared between customers. Additionally, as with all of our Rovo features, your data isn’t used to train any LLMs.

Alert grouping takes into account user access permissions. You’ll be able to see an alert group even if you have access to only one alert in that group. For instance, Rovo groups 50 alerts based on their tags and semantic similarity and you have permissions to view only 30 of them, you’ll only see those 30 in the group detail view. The same applies when you create an incident from an alert group as well, which means only those alerts in the group that you have permissions to view will be linked to the incident.

 

Still need help?

The Atlassian Community is here for you.