This workflow follows the HTTP Request → Slack recipe pattern — see all workflows that pair these two integrations.
The workflow JSON
Copy or download the full n8n JSON below. Paste it into a new n8n workflow, add your credentials, activate. Full import guide →
{
"name": "VigilAI AIOps Incidents",
"nodes": [
{
"parameters": {
"httpMethod": "POST",
"path": "anomaly"
},
"name": "Webhook: Anomaly",
"type": "n8n-nodes-base.webhook",
"typeVersion": 1,
"position": [
100,
300
],
"id": "webhook-anomaly"
},
{
"parameters": {
"jsCode": "// Parse anomaly data\nconst data = $input.first().json;\n\n// Determine severity based on anomaly score\nlet severity = 'low';\nif (data.anomaly_score >= 0.9) severity = 'critical';\nelse if (data.anomaly_score >= 0.7) severity = 'high';\nelse if (data.anomaly_score >= 0.5) severity = 'medium';\n\nreturn [{\n json: {\n log_message: data.log_message || data.message || 'Unknown error',\n anomaly_score: data.anomaly_score || 0.5,\n log_source: data.log_source || data.source || 'system',\n severity: severity,\n timestamp: new Date().toISOString(),\n needs_immediate_action: severity === 'critical' || severity === 'high'\n }\n}];"
},
"name": "Parse Anomaly",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
300,
300
],
"id": "parse-anomaly"
},
{
"parameters": {
"url": "http://backend:8000/api/v1/logs/analyze",
"method": "POST",
"authentication": "none",
"sendBody": true,
"bodyParameters": {
"parameters": [
{
"name": "logs",
"value": "={{ [$json.log_message] }}"
},
{
"name": "source",
"value": "={{ $json.log_source }}"
}
]
}
},
"name": "Create Incident",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
500,
300
],
"id": "create-incident",
"onError": "continueRegularOutput"
},
{
"parameters": {
"url": "http://backend:8000/api/v1/logs/rca/query",
"method": "POST",
"authentication": "none",
"sendBody": true,
"bodyParameters": {
"parameters": [
{
"name": "question",
"value": "What is the root cause of this error and how can it be fixed?"
},
{
"name": "logs",
"value": "={{ [$('Parse Anomaly').item.json.log_message] }}"
},
{
"name": "context",
"value": "={{ { source: $('Parse Anomaly').item.json.log_source, severity: $('Parse Anomaly').item.json.severity } }}"
}
]
},
"options": {
"timeout": 30000
}
},
"name": "Run RCA Analysis",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
700,
300
],
"id": "run-rca",
"onError": "continueRegularOutput"
},
{
"parameters": {
"jsCode": "// Combine anomaly data with RCA results\nconst anomaly = $('Parse Anomaly').item.json;\nconst rca = $input.first().json;\n\nreturn [{\n json: {\n ...anomaly,\n root_cause: rca.root_cause || 'Unable to determine root cause',\n recommendations: rca.recommendations || ['Investigate logs manually', 'Check system health'],\n affected_components: rca.affected_components || ['Unknown'],\n confidence: rca.confidence || 0.5\n }\n}];"
},
"name": "Combine Results",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
900,
300
],
"id": "combine-results"
},
{
"parameters": {
"conditions": {
"string": [
{
"value1": "={{ $json.severity }}",
"operation": "equals",
"value2": "critical"
}
]
}
},
"name": "Is Critical?",
"type": "n8n-nodes-base.if",
"typeVersion": 1,
"position": [
1100,
200
],
"id": "is-critical"
},
{
"parameters": {
"conditions": {
"string": [
{
"value1": "={{ $json.severity }}",
"operation": "equals",
"value2": "high"
}
]
}
},
"name": "Is High?",
"type": "n8n-nodes-base.if",
"typeVersion": 1,
"position": [
1100,
400
],
"id": "is-high"
},
{
"parameters": {
"select": "channel",
"channel": "#vigilai-incidents",
"text": "\ud83d\udea8\ud83d\udea8\ud83d\udea8 *CRITICAL INCIDENT DETECTED* \ud83d\udea8\ud83d\udea8\ud83d\udea8\n\n*Severity:* \ud83d\udd34 CRITICAL\n*Source:* {{ $json.log_source }}\n*Score:* {{ ($json.anomaly_score * 100).toFixed(1) }}%\n\n*Error:*\n```{{ $json.log_message }}```\n\n*Root Cause Analysis:*\n{{ $json.root_cause }}\n\n*Affected Components:*\n{{ $json.affected_components.map(c => `\u2022 ${c}`).join('\\n') }}\n\n*Recommended Actions:*\n{{ $json.recommendations.map((r, i) => `${i + 1}. ${r}`).join('\\n') }}\n\n<http://localhost:3000/ops|View in AIOps Dashboard>",
"attachments": [
{
"color": "#dc2626",
"fields": [
{
"title": "Confidence",
"value": "={{ ($json.confidence * 100).toFixed(0) }}%",
"short": true
},
{
"title": "Time",
"value": "={{ $json.timestamp }}",
"short": true
}
]
}
],
"otherOptions": {
"unfurl_links": false
}
},
"name": "Critical Alert",
"type": "n8n-nodes-base.slack",
"typeVersion": 2,
"position": [
1300,
100
],
"id": "critical-alert",
"credentials": {
"slackApi": {
"name": "<your credential>"
}
}
},
{
"parameters": {
"select": "channel",
"channel": "#vigilai-incidents",
"text": "\u26a0\ufe0f *HIGH SEVERITY INCIDENT*\n\n*Severity:* \ud83d\udfe0 HIGH\n*Source:* {{ $json.log_source }}\n*Score:* {{ ($json.anomaly_score * 100).toFixed(1) }}%\n\n*Error:*\n```{{ $json.log_message }}```\n\n*Root Cause:* {{ $json.root_cause }}\n\n*Recommendations:*\n{{ $json.recommendations.slice(0, 3).map((r, i) => `${i + 1}. ${r}`).join('\\n') }}\n\n<http://localhost:3000/ops|View Details>",
"attachments": [
{
"color": "#f97316"
}
]
},
"name": "High Alert",
"type": "n8n-nodes-base.slack",
"typeVersion": 2,
"position": [
1300,
350
],
"id": "high-alert",
"credentials": {
"slackApi": {
"name": "<your credential>"
}
}
},
{
"parameters": {
"jsCode": "// Store for batch summary (low/medium severity)\nconst item = $input.first().json;\n\n// In production, this would store to a database or state\n// For now, just format for potential batch processing\nreturn [{\n json: {\n batched: true,\n severity: item.severity,\n summary: `[${item.severity.toUpperCase()}] ${item.log_source}: ${item.log_message.substring(0, 100)}...`,\n timestamp: item.timestamp\n }\n}];"
},
"name": "Queue for Batch",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
1300,
500
],
"id": "queue-batch"
},
{
"parameters": {
"respondWith": "json",
"responseBody": "={{ JSON.stringify({ success: true, severity: $('Parse Anomaly').item.json.severity, incident_created: true }) }}"
},
"name": "Respond Success",
"type": "n8n-nodes-base.respondToWebhook",
"typeVersion": 1,
"position": [
1500,
300
],
"id": "respond-success"
}
],
"connections": {
"Webhook: Anomaly": {
"main": [
[
{
"node": "Parse Anomaly",
"type": "main",
"index": 0
}
]
]
},
"Parse Anomaly": {
"main": [
[
{
"node": "Create Incident",
"type": "main",
"index": 0
}
]
]
},
"Create Incident": {
"main": [
[
{
"node": "Run RCA Analysis",
"type": "main",
"index": 0
}
]
]
},
"Run RCA Analysis": {
"main": [
[
{
"node": "Combine Results",
"type": "main",
"index": 0
}
]
]
},
"Combine Results": {
"main": [
[
{
"node": "Is Critical?",
"type": "main",
"index": 0
},
{
"node": "Is High?",
"type": "main",
"index": 0
}
]
]
},
"Is Critical?": {
"main": [
[
{
"node": "Critical Alert",
"type": "main",
"index": 0
}
],
[
{
"node": "Queue for Batch",
"type": "main",
"index": 0
}
]
]
},
"Is High?": {
"main": [
[
{
"node": "High Alert",
"type": "main",
"index": 0
}
],
[
{
"node": "Queue for Batch",
"type": "main",
"index": 0
}
]
]
},
"Critical Alert": {
"main": [
[
{
"node": "Respond Success",
"type": "main",
"index": 0
}
]
]
},
"High Alert": {
"main": [
[
{
"node": "Respond Success",
"type": "main",
"index": 0
}
]
]
},
"Queue for Batch": {
"main": [
[
{
"node": "Respond Success",
"type": "main",
"index": 0
}
]
]
}
},
"settings": {
"executionOrder": "v1"
},
"tags": [
{
"name": "VigilAI",
"id": "vigilai-tag"
},
{
"name": "AIOps",
"id": "aiops-tag"
}
]
}
Credentials you'll need
Each integration node will prompt for credentials when you import. We strip credential IDs before publishing — you'll add your own.
slackApi
Pro
For the full experience including quality scoring and batch install features for each workflow upgrade to Pro
About this workflow
VigilAI AIOps Incidents. Uses httpRequest, slack. Webhook trigger; 11 nodes.
Source: https://github.com/priii-25/VigilAI/blob/6a236c2f65f1e05b9b39ea23640ebe9d03ff054b/n8n/aiops_incidents.json — original creator credit. Request a take-down →
Related workflows
Workflows that share integrations, category, or trigger type with this one. All free to copy and import.
HR teams, IT Operations, and System Administrators managing employee onboarding at scale. It’s perfect if you use Odoo 18 to trigger account requests and need Redmine + GitLab accounts created instant
HTTP Request, Slack
This workflow is a complete, production-ready solution for recovering abandoned carts in Shopify stores using a multi-channel, multi-touch approach. It automates personalized follow-ups via Email, SMS
HTTP Request, Shopify, SendGrid +5
This workflow automates end-to-end research analysis by coordinating multiple AI models—including NVIDIA NIM (Llama), OpenAI GPT-4, and Claude to analyze uploaded documents, extract insights, and gene
HTTP Request, Postgres, Slack +1
Are you tired of the repetitive dance between git push, creating a pull request in GitHub, updating the corresponding task in JIRA, and then manually notifying your team in Slack, or Notion?
HTTP Request, Stop And Error, Jira +2
This workflow automatically detects changes in the .env.staging file in a GitHub repository and keeps Android configuration files (build.gradle and gradle.properties) in sync.It creates a new Git bran
GitHub, HTTP Request, Slack