Why your AI tools haven't fixed alert noise yet
Why your AI tools haven't fixed alert noise yet
It's not the tools. It's everything that happens between them.
By Flávia Batista
There is a belief that runs deep inside IT operations teams: a noisy environment is a healthy one. If alerts are firing constantly, if tickets are piling up, if the on-call rotation is getting hit at 2am, that means monitoring is working. The tools are catching things.
I understand where this comes from. In the early days of observability, silence was genuinely suspicious. A quiet dashboard often meant a gap in coverage, a misconfigured rule, something important slipping through undetected. So teams learned to treat volume as proof, and that instinct stayed long after the environment around it changed.
But noise is not proof that monitoring is working. In most cases, it is proof that something upstream was never fixed.
Automation at the wrong end
When alert volume becomes unsustainable, the response is almost always the same. Leadership looks at the backlog (a thousand tickets a day, engineers buried, SLAs slipping) and reaches for automation at the remediation end of the pipeline: AI agents plugged into monitoring tools, scripts that fire when incident X arrives, routing logic that moves tickets faster.
These are reasonable responses to an unreasonable situation, but they treat cost rather than cause. Most of those alerts should never have been generated. Processing them faster does not change why they exist.
Without system memory, the exact same anomaly will fire again next month

Native AI agents, the kind built into Datadog, Jira Service Management, or PagerDuty, add a second layer of the same problem. They are well-designed within their own environment, but they have limited visibility of each other’s environment. A Datadog AI agent that detects anomalies in infrastructure metrics may not have all the visibility into what Rovo is doing inside service management. A remediation script fires based on the incident it receives, with no memory of what was tried before or what is happening in a connected system at the same time. Even within their own silo, there are silos.
Zoom out far enough, and individual gaps give way to a pattern. Each layer of the stack runs its own AI, its own logic, and its own definition of what an incident is, with no shared memory between them, no operational narrative, no continuous thread from signal to resolution. The work fragments at every handoff, and the further apart the layers, the less any of them can see of what the others are doing.
Native AI agents are brilliant, but isolated within their own environments

Alert fatigue is the human symptom of a system problem
The name most teams use for this, alert fatigue, describes something real: the exhaustion, the desensitization, the critical signal buried in noise. But framing it as fatigue makes it sound like a human problem, something to manage with better on-call rotations or more headcount. What sits underneath it is structural: signals, context, ownership, action, and evidence moving separately instead of together.
Alert fatigue is a structural failure, not a human one

Alert correlation tools can reduce event noise by between 30% and 95%, according to
Gartner, but even near-total noise reduction does not fix an operation where context, ownership, and evidence still travel separately between tools. The noise comes back. And the teams that tried to fix it with automation alone are the ones now re-evaluating their vendor choices.

An anomaly fires in the infrastructure layer. The observability platform picks it up and creates an alert. That alert becomes a ticket, but the engineer assigned to it does not have the full context of what triggered it. It could be a recent deployment, or something that happened three months ago and sat in a closed ticket nobody would reopen. Eventually, the fix is applied, but the knowledge of why it worked, what the pattern was, what else might be connected - none of that feeds back into the system. Next month, the same anomaly fires again.
Every organization I work with has monitoring. They have ITSM, alerting, automation, and sometimes AI agents deployed across multiple platforms. The stack is present. Yet, according to Gartner, companies are still struggling to realize the full value from event intelligence investments.
What is missing is the layer that connects it all. When IT operations are truly connected, a signal travels from infrastructure through observability, into service management, through investigation and remediation, and back into something the team can actually learn from. Without that, each part of the operation, doing its best, generates noise for the next one.
The backward incident test
Pick any operational problem your team handled last month and trace it backward from resolution. Where did the alert come from? Was the threshold calibrated for how the system looks today, or set two years ago and never reviewed? When the ticket was created, did the engineer have the full upstream picture: the infrastructure change, the deployment, the related alerts firing in adjacent systems? When the incident closed, did the resolution get captured anywhere useful, or did it live in a Slack thread nobody will find when the same thing happens in six months?
Most teams, when they do this, find that the answer to each of those questions is no. Because the system is not designed to carry context from one stage to the next. Every handoff loses something, and lost context becomes noise downstream.

The goal is operational clarity, not silence
Operational clarity means knowing that when an alert fires, it is real, the path to resolution does not start from zero, and whatever gets learned during that incident will be available next time.
Getting there requires governance at each layer, not just at the end. Infrastructure teams maintaining CI/CD discipline so that application defects do not cascade into monitoring noise. Observability teams running quarterly reviews of alerting rules, thresholds, and persistence settings, because a rule that was accurate six months ago may be generating false positives today. Service management workflows that correlate and deduplicate before a ticket reaches an engineer. Remediation logic with enough context to know what was already tried.

What holds all of this together is a coordination layer: one place where signals are normalized, agent actions are tracked, escalation paths are governed, and the full operational narrative is visible and auditable from end to end. The champion for this inside an organization needs authority across the entire stack — an IT director, a head of platform, a governance lead — someone who can see end-to-end and make decisions that cross the boundaries between infrastructure, observability, ITSM, and automation. Most organizations have someone with that scope. What they often lack is the system that makes that scope useful.
Worth sitting with
In most organizations, monitoring is not what is broken, and neither is the team. Everything between signal and resolution was built in pieces, by different groups, at different times, for different purposes, and the seams between those pieces are where the noise lives. Whether that describes your environment or not is worth finding out, because it is the kind of problem that gets heavier the longer it goes unnamed.
See where your operation fragments
The Stack Diagnosis tool maps your current tooling across the four layers of IT operations and surfaces where coordination breaks down, before it shows up as an incident.
It takes about five minutes. The output tells you where the gaps are.
→ Run the Stack Diagnosis
Find out what fragmentation is costing you
The AIOps ROI Calculator estimates the operational cost of alert noise, manual triage, and repeated incidents, and shows where that cost does not have to exist.
Input your current alert volume and team size. The output shows you where the money is going.
→ Calculate your ROI
Flávia Batista is an AIOps Practice Leader at e-Core. She works with IT operations teams across North America and Latin America on operational resilience, observability maturity, and AI-assisted incident management.

e-Core
We combine global expertise with emerging technologies to help companies like yours create innovative digital products, modernize technology platforms, and improve efficiency in digital operations.
Tags: AI / DevOps / ITSM / Product Support / Service Management




