From anomaly to resolution — the agentic loop.
Monitoring closes the distance between you and a dashboard. Obxerv closes the distance between "something's wrong" and "it's fixed." Here's the exact loop agents run on top of your signals — continuously, in seconds, and inside the guardrails you set.
Seven steps, run in seconds — continuously.
The same loop a great SRE runs, executed by agents around the clock: observe, understand, act, and learn — with your guardrails on the "act."
What happens at each step.
Every stage of the loop, in the order agents run it — from raw telemetry to a banked runbook.
Observe
Obxerv ingests and normalizes your metrics, logs, traces, and events — OpenTelemetry, Prometheus, and the agents you already run — into one live model of every service. No rip-and-replace: it reads the telemetry you already emit and gives every signal a common shape and timeline so the rest of the loop can reason across all of it.
Detect
Instead of static thresholds that flap and page at 3am for nothing, Obxerv learns each service's normal — its baseline latency, error rate, saturation, and traffic shape by time of day. When a signal deviates from what's normal for that service, it flags an anomaly. Learned baselines mean less flapping and far fewer false pages than fixed limits ever gave you.
Correlate
A single anomaly is rarely the whole story. Obxerv ties the symptom to everything happening around it — related metrics, the log lines that spiked, the traces that slowed, and the recent deploys and config changes in the blast radius. Instead of four disconnected tools, you get one correlated picture of what moved together and when.
Diagnose
An agent reasons over the correlated evidence and ranks root-cause hypotheses — most-likely first — each backed by the specific trace, the offending log line, and the change that caused it. You don't get an anomaly score to interpret; you get a named cause with the evidence attached, the way a senior SRE would hand off an investigation.
Remediate
Obxerv runs the runbook action that matches the diagnosed cause — roll back, restart, scale, drain, or failover — but only inside the guardrails you define. Low-risk, well-understood fixes execute on their own; high-blast-radius actions pause for your one-click approval. Every action is scoped to the affected service and blast radius, and every one is reversible.
Verify
An action isn't "done" until the signals say so. Obxerv watches the same telemetry that flagged the incident and confirms it actually recovered — error rate, latency, and saturation back to baseline — before it closes the incident. If the fix didn't take, it rolls forward or back rather than declaring a false all-clear.
Learn
Every resolved incident is banked as a faster runbook for next time. The pairing of symptom, correlated evidence, root cause, and the action that fixed it becomes reusable, so the next occurrence resolves quicker and with more confidence. Remediations compound with your environment instead of resetting after every on-call rotation.
An incident, start to finish.
A bad deploy exhausts a connection pool on checkout-api. Here's the loop closing on it in real time — no human paged.
Anomaly
Error rate and p99 latency spike on checkout-api — both well outside the service's learned baseline.
Correlated
Obxerv ties the spike to deploy v482, matching the symptom across traces and log lines to the change window.
Root cause
The agent diagnoses it: v482 exhausted the database connection pool, with the offending config and trace attached.
Guardrail check
Policy check passes — auto-rollback is permitted for this service and this blast radius, so no approval is required.
Remediate
Obxerv rolls checkout-api back to v481 — the matching runbook action for a bad-deploy pool exhaustion.
Recovered
Signals return to baseline, Obxerv verifies the recovery and closes the incident, the runbook is banked — no human paged.
A high-blast-radius action — say a failover across the fleet — would instead pause here for one-click approval, with the full evidence in front of you.
You decide what runs unattended.
Autonomy is a dial, not a switch. Set it per service, per action, and per blast radius — Obxerv never acts outside the boundary you draw.
Auto
Low-risk, well-understood fixes — a rollback, a pod restart, a scale-out — run on their own the moment the diagnosis is confident, so recovery doesn't wait on who's awake.
Approve
High-blast-radius actions — a fleet-wide failover, a data-path change — pause for your one-click sign-off, with the root cause and full evidence already assembled for the call.
Notify-only
Anything outside policy — an action you haven't authorized, or a case the agent isn't confident on — simply pages a human with the diagnosis, and takes no action itself.
Whichever mode fires, every action is scoped to the affected service and blast radius, fully audited, and reversible.
Agents do the toil. You make the calls that matter.
Obxerv doesn't take humans out of the loop — it takes the 3am scramble out of it, and hands you the decisions with the context already gathered.
Root cause arrives with the alert
No more starting the investigation from scratch. When a page does reach you, the ranked root cause and its evidence come with it — not a bare symptom.
Approvals are one click, in context
When an action needs sign-off, you approve or hold with the full picture in front of you — the cause, the proposed fix, and the blast radius it touches.
Every heal is logged and reversible
Whatever Obxerv does, it records — the action, the reasoning, and the outcome — and every remediation can be rolled back. Nothing happens off the record.
Watch the loop close on a live incident.
See Obxerv detect a real anomaly, trace it to root cause, and auto-heal the service in real time — then decide where you want a human in the loop.