When alerts fire from your monitoring system, Devin automatically analyzes the issue, identifies the root cause, implements a fix, creates a PR, and notifies your team — all in minutes, not hours.
Alert Fires → Devin Analyzes → Root Cause Found → PR Created → Team Notified
↓ ↓ ↓ ↓ ↓
30 seconds 2 minutes 5 minutes 8 minutes Done ✅
Instead of:
- Engineer gets paged at 3 AM 😴
- Spends 30 min understanding the alert
- Spends 1 hour finding root cause
- Spends 2 hours writing a fix
- Creates PR next morning
With Devin Triage:
- Alert fires → Devin session auto-created
- Devin clones repo, traces error, identifies root cause
- Devin creates PR with fix + tests
- Engineer wakes up to a solved problem ☕
Choose your monitoring platform, or use both for defense-in-depth:
| Azure Monitor | Elastic (Kibana) | |
|---|---|---|
| Best for | Azure-native workloads | Complex log analysis, ML |
| Setup time | ~30 minutes | ~45 minutes |
| Alert types | Metrics, Logs, Activity | Logs, Metrics, ML Anomaly |
| Query language | KQL | KQL, Lucene, ES DSL |
| Cost | Often included with Azure | Subscription or self-managed |
Perfect if you're running on Azure (AKS, App Service, Functions, VMs).
Perfect if you're using the ELK stack or need ML-powered anomaly detection.
Use Azure Monitor for quick metric alerts + Elastic for deep log analysis and ML.
→ Comparison & Multi-Platform Guide
The golden rule: Devin is a software engineer, not a cloud administrator.
| Alert Type | Why It Works |
|---|---|
| Application exceptions | Devin can fix bugs in YOUR code |
| API integration failures | Devin can fix YOUR error handling |
| Token/auth handling errors | Devin can add retry logic to YOUR code |
| Database query bugs | Devin can fix YOUR queries |
| Parsing/validation errors | Devin can improve YOUR validation |
| Alert Type | Why It Fails |
|---|---|
| Azure IAM/permissions | Devin can't modify your AD configuration |
| Infrastructure failures | Devin can't restart VMs or resize disks |
| External service outages | Devin can't fix Stripe being down |
| Certificate expiration | Devin can't renew your SSL certs |
| User input errors | Not a bug — expected behavior |
→ Full Use Cases & Best Practices Guide — Detailed examples, alert configuration tips, and anti-patterns to avoid.
You'll need a Devin API key to create sessions. Choose the right key type for your use case:
| Key Type | Prefix | Best For | Docs |
|---|---|---|---|
| Personal API Key | apk_user_* |
Testing, personal automation | Create Key → |
| Service API Key | apk_* |
Team automation, CI/CD | Create Key → |
| Service User (v3) | cog_* |
Enterprise with RBAC | Create Service User → |
To create a Personal or Service API Key:
- Go to app.devin.ai/settings/api-keys
- Click "Generate New API Key"
- Copy the key immediately (it's only shown once!)
📚 Full API Documentation:
- Authentication & API Keys — Key types, security, troubleshooting
- v1 API Usage Examples — Creating sessions, monitoring, file uploads
- v1 Create Session — Session creation endpoint
You need a publicly accessible endpoint that receives alerts and calls the Devin API.
Reference implementation: See demo-ui/src/app/api/trigger-devin/route.ts
Deploy this endpoint to Azure Functions with these environment variables:
| Variable | Description | Where to Get |
|---|---|---|
DEVIN_API_KEY |
Your Devin API key | app.devin.ai/settings/api-keys |
TARGET_REPO |
Repo Devin will analyze | Your GitHub repo URL |
Azure Monitor:
- Create an Action Group with a Webhook action
- Point it to your deployed endpoint URL
- Enable "Common alert schema"
- Create Alert Rules that use your Action Group
Elastic:
- Create a Webhook Connector in Kibana
- Point it to your deployed endpoint URL
- Create Alerting Rules that use your Connector
curl -X POST https://your-endpoint-url/api/trigger-devin \
-H "Content-Type: application/json" \
-d '{"alertName":"test","severity":1,"description":"Test alert"}'You should receive a response with a Devin session URL.
| Benefit | Description |
|---|---|
| Native Integration | Built into Azure Portal, no extra infrastructure |
| Zero Setup for Azure Resources | AKS, App Service, Functions already emit metrics |
| Action Groups | Reusable notification targets (webhook, email, SMS, Teams) |
| Alert Processing Rules | Route alerts to different actions based on severity/resource |
| Cost Effective | Often included in existing Azure spend |
✅ Running workloads on Azure (AKS, App Service, VMs, Functions)
✅ Want fastest time-to-value (30 min setup)
✅ Simple threshold-based alerts (error count > 0, latency > 10s)
✅ Team already familiar with Azure Portal
✅ Budget-conscious (often included in Azure subscription)
┌─────────────────────┐
│ Your Azure │
│ Resources │
│ (AKS, App Service) │
└──────────┬──────────┘
│ Metrics & Logs
▼
┌─────────────────────┐
│ Azure Monitor │
│ Alert Rules │
│ (KQL queries) │
└──────────┬──────────┘
│ Alert fires
▼
┌─────────────────────┐
│ Action Group │
│ (Webhook action) │
└──────────┬──────────┘
│ POST request
▼
┌─────────────────────┐
│ Your Webhook │
│ /api/trigger-devin│
└──────────┬──────────┘
│ Creates session
▼
┌─────────────────────┐
│ Devin AI │
│ Analyzes & Fixes │
└──────────┬──────────┘
│
┌─────┴─────┐
▼ ▼
┌─────────┐ ┌─────────┐
│ GitHub │ │ Slack │
│ PR │ │ Alert │
└─────────┘ └─────────┘
| Benefit | Description |
|---|---|
| ML Anomaly Detection | Automatically detect unusual patterns without manual thresholds |
| Full-Text Search | Powerful log analysis with Lucene and ES Query DSL |
| Cross-Service Correlation | Trace issues across microservices automatically |
| Long-Term Retention | Configurable data retention for compliance |
| Multi-Cloud | Works with any cloud or on-prem |
✅ Need ML-powered anomaly detection (no manual thresholds)
✅ Complex log analysis and correlation across services
✅ Already using ELK stack or Elastic Cloud
✅ Multi-cloud or hybrid environment
✅ Security/SIEM use cases
✅ Need advanced query capabilities (Lucene, ES DSL)
┌─────────────────────┐
│ Your Services │
│ (any cloud/on-prem)│
└──────────┬──────────┘
│ Logs (Filebeat, Logstash)
▼
┌─────────────────────┐
│ Elasticsearch │
│ (Index & Search) │
└──────────┬──────────┘
│
┌─────┴─────┐
▼ ▼
┌─────────┐ ┌─────────┐
│ Kibana │ │ ML │
│ Rules │ │ Jobs │
└────┬────┘ └────┬────┘
│ │
└─────┬─────┘
│ Alert fires
▼
┌─────────────────────┐
│ Webhook Connector │
└──────────┬──────────┘
│ POST request
▼
┌─────────────────────┐
│ Your Webhook │
│ /api/trigger-devin│
└──────────┬──────────┘
│ Creates session
▼
┌─────────────────────┐
│ Devin AI │
│ Analyzes & Fixes │
└─────────────────────┘
For enterprise environments, combining both platforms provides defense-in-depth:
| Layer | Platform | Use Case |
|---|---|---|
| Quick Alerts | Azure Monitor | CPU > 90%, Memory > 85%, Error count > 0 |
| Deep Analysis | Elastic | Log correlation, pattern detection, ML anomaly |
| Compliance | Elastic | Long-term log retention, audit trails |
| Cost Optimization | Azure Monitor | Use included alerting for Azure resources |
┌─────────────────────────────────────────────────────────────────┐
│ Your Application │
└───────────────────────────────┬─────────────────────────────────┘
│
┌─────────────────┴─────────────────┐
│ │
▼ ▼
┌──────────────────────┐ ┌──────────────────────┐
│ Azure Monitor │ │ Elastic │
│ │ │ │
│ • Metric alerts │ │ • Log correlation │
│ • Quick thresholds │ │ • ML anomaly │
│ • Azure-native │ │ • Full-text search │
└──────────┬───────────┘ └───────────┬──────────┘
│ │
└─────────────────┬───────────────────┘
│
▼
┌─────────────────────┐
│ Webhook Endpoint │
│ (Deduplication) │
└──────────┬──────────┘
│
▼
┌─────────────────────┐
│ Devin AI │
└─────────────────────┘
When using both, the webhook can deduplicate to avoid double-triggering:
// Alerts from both platforms go to same endpoint
// Dedupe by alert signature (name + resource + time window)
const alertKey = `${alertName}:${resource}:${Math.floor(Date.now() / 300000)}`;
if (await redis.exists(alertKey)) return; // Already processing
await redis.set(alertKey, 'processing', 'EX', 300);| Guide | Description |
|---|---|
| Use Cases & Best Practices | Start here — When to use, when not to, alert tuning |
| Azure Monitor Setup | Step-by-step Azure configuration with portal links |
| Elastic Setup | Kibana alerting, Watcher, and ML setup |
| Comparison Guide | Detailed feature comparison and decision matrix |
| Devin Playbook | The 7-phase triage methodology |
| API Reference | Webhook endpoint documentation |
| Deployment Guide | Azure Functions deployment |
The included demo UI simulates both Azure Monitor and Elastic alert experiences:
cd demo-ui
npm install
npm run devFeatures:
- Azure Monitor replica with Action Groups and Alert Rules UI
- Elastic/Kibana-style alerting interface
- Demo triggers for common error scenarios
- Real-time Devin session status simulation
- Expandable alert details with logs and stack traces
When an alert fires, Devin follows this structured 7-phase approach:
Parse alert details, understand symptoms, document initial assessment.
Clone repo, locate bug in code, trace stack, identify root cause.
Choose path: Code Fix / Config Issue / External Issue / Escalate
Minimal code changes, proper error handling, tests included.
Clear title, problem description, solution explanation, linked to alert.
Full tracking ticket with alert context, PR link, session link.
Team notified with status, links to PR, JIRA, and Devin session.
| Metric | Without Devin | With Devin | Savings |
|---|---|---|---|
| MTTR (Mean Time to Resolve) | 4 hours | 30 minutes | 87% faster |
| Engineer time per incident | 4 hours | 15 minutes (review) | 3.75 hours |
| Incidents per month | 20 | 20 | — |
| Monthly engineer hours saved | — | — | 75 hours |
| At $150/hour loaded cost | — | — | $11,250/month |
- API keys stored server-side — never exposed to clients
- Webhook secrets supported — authenticate incoming requests
- No sensitive data logged — only alert metadata processed
- Devin operates in your repos — you control access
- Documentation: docs/
- Issues: github.com/COG-GTM/devin-triage-workflow/issues
- Devin Support: devin.ai/support
MIT License — see LICENSE
Built with 🔱 by the Cognition GTM Team
cognition.ai · devin.ai