Investigations API
Prefix: /api/investigations | Tag: investigations
Surfaces results from the autonomous agent (Sentinel). Queries alerts.agent_investigations and alerts.agent_tasks.
Endpoints
| Method | Path | Description |
|---|---|---|
| GET | /api/investigations | List investigations (paginated, filterable) |
| GET | /api/investigations/kpis | Investigation summary KPIs |
| GET | /api/investigations/pending-tasks | Pending/running agent tasks |
| GET | /api/investigations/{investigation_id} | Full investigation detail |
GET /api/investigations
Query params:
| Param | Type | Default | Description |
|---|---|---|---|
days | int | 30 | Lookback window (1-365) |
severity | string | null | Filter by severity |
customer | string | null | Filter by customer name (LIKE match) |
page | int | 1 | Page number |
page_size | int | 20 | Items per page (max 100) |
Response:
{
"investigations": [
{
"investigation_id": "...",
"cluster_name": "prod-analytics",
"customer_name": "Acme Corp",
"severity": "Critical",
"confidence": 0.85,
"root_cause": "Compaction backlog causing query timeouts",
"recommended_actions": "...",
"model": "claude-sonnet-4-5-20250929",
"input_tokens": 15000,
"output_tokens": 3200,
"cost_usd": 0.093,
"total_tokens": 18200,
"duration_seconds": 45
}
],
"total": 100,
"page": 1,
"page_size": 20,
"source": "live",
"generated_at": "..."
}
GET /api/investigations/kpis
Query params: days (int, default 30)
Response:
{
"total_investigations": 100,
"critical_count": 15,
"warning_count": 45,
"info_count": 40,
"avg_confidence": 0.82,
"avg_duration_s": 38.5,
"total_tokens": 1500000,
"total_cost_usd": 6.75,
"source": "live",
"generated_at": "..."
}
GET /api/investigations/pending-tasks
Returns tasks from the Sentinel queue with status pending or running (max 50).
Response:
{
"tasks": [
{
"task_id": "...",
"cluster_id": "uuid",
"cluster_name": "prod-analytics",
"customer_name": "Acme",
"customer_tier": "S",
"trigger_reason": "critical_health_score",
"priority": 1,
"status": "running",
"created_at": "2026-03-25T10:00:00"
}
],
"total": 3,
"source": "live",
"generated_at": "..."
}
GET /api/investigations/{investigation_id}
Returns the full investigation including full_report field (not included in list view).