US-20260127229-A1 - GROUP ACTION FRAMEWORK

Abstract

A method includes obtaining an incident report and assigning an incident type to the incident report. The method also includes determining that the incident type has not been assigned to any prior incident reports and generating a prompt associated with the incident type based on determining that the incident type has not been assigned to any prior incident reports. The method also includes generating a response to the incident report based on the prompt using a large language model (LLM).

Inventors

• Gaurav Goyal
• Tao Feng
• Dariush Shahgoshtasbi
• Udayan Kumar
• Manish Kumar Das
• Sathish Kumar Gurram

Assignees

• SERVICENOW, INC.

Dates

Publication Date

20260507

Application Date

20241104

Claims (20)

1. 1 . A computer-implemented method comprising: obtaining an incident report; assigning an incident type to the incident report; generating a group of incident reports comprising the incident report and one or more other incident reports assigned to the incident type; querying a database that stores associations between previously assigned incident types and corresponding responses previously generated by a large language model (LLM), each corresponding response specifying one or more actions to resolve the previously assigned incident type; based on querying the database, determining that the database lacks a previously generated response by the LLM associated with the assigned incident type; generating, using the LLM, a summary of the group of incident reports; based on the summary and determining that the database lacks the stored previously generated response by the LLM associated with the assigned incident type, generating a prompt associated with the incident type; and generating, using the LLM, a response to the incident report based on the prompt.
2. 2 . The method of claim 1 , further comprising storing the response for the incident report at the database.
3. 3 . (canceled)
4. 4 . The method of claim 1 , further comprising: obtaining a second incident report; and assigning a second incident type to the second incident report.
5. 5 . The method of claim 4 , further comprising: determining that the second incident type has been assigned to a particular prior incident report; based on determining that the second incident type has been assigned to the particular prior incident report, identifying a second response stored at the database, the second response associated with the second incident type; and retrieving the second response for the second incident report.
6. 6 . The method of claim 5 , wherein the second response was previously generated by the LLM based on the particular prior incident report.
7. 7 . The method of claim 1 , further comprising extracting data from the incident report.
8. 8 . The method of claim 7 , further comprising determining one or more representative keywords for the incident report based on the extracted data.
9. 9 . The method of claim 7 , further comprising determining one or more representative incident reports based on the extracted data.
10. 10 . The method of claim 7 , further comprising: generating a descriptive prompt based on the extracted data; and generating, using the LLM, a description for the incident report based on the descriptive prompt.
11. 11 . The method of claim 1 , further comprising generating a ranked list of incident reports for the group of incident reports based on a number of input tokens of each incident report within the group of incident reports.
12. 12 . The method of claim 11 , wherein the ranked list prioritizes a first incident report with a lower number of input tokens over a second incident report with a higher number of input tokens.
13. 13 . The method of claim 12 , wherein generating the response to the incident report comprises selecting the incident report from the group of incident reports based on the ranked list.
14. 14 . The method of claim 11 , further comprising: for each incident report in the group of incident reports, generating, using the LLM, a respective output; and generating, using the LLM, the incident report summary based on the respective output generated for each incident report.
15. 15 . A system comprising: data processing hardware; and memory hardware in communication with the data processing hardware, the memory hardware storing instructions that when executed on the data processing hardware cause the data processing hardware to perform operations comprising: obtaining an incident report; assigning an incident type to the incident report; generating a group of incident reports comprising the incident report and one or more other incident reports assigned to the incident type; querying a database that stores associations between previously assigned incident types and corresponding responses previously generated by a large language model (LLM), each corresponding response specifying one or more actions to resolve the previously assigned incident type; based on querying the database, determining that the database lacks a previously generated response by the LLM associated with the assigned incident type; generating, using the LLM, a summary of the group of incident reports; based on the summary and determining that the database lacks the stored previously generated response by the LLM associated with the assigned incident type, generating a prompt associated with the incident type; and generating, using the LLM, a response to the incident report based on the prompt.
16. 16 . The system of claim 15 , wherein the operations further comprise extracting data from the incident report.
17. 17 . The system of claim 16 , wherein the operations further comprise determining one or more representative keywords for the incident report based on the extracted data.
18. 18 . The system of claim 16 , wherein the operations further comprise determining one or more representative incident reports based on the extracted data.
19. 19 . The system of claim 16 , wherein the operations further comprise: generating a descriptive prompt based on the extracted data; and generating, using the LLM, a description for the incident report based on the descriptive prompt.
20. 20 . A non-transitory computer-readable medium having instructions that, when executed by data processing hardware, causes-cause the data processing hardware to perform operations comprising: obtaining an incident report; assigning an incident type to the incident report; generating a group of incident reports comprising the incident report and one or more other incident reports assigned to the incident type; querying a database that stores associations between previously assigned incident types and corresponding responses previously generated by a large language model (LLM), each corresponding response specifying one or more actions to resolve the previously assigned incident type; based on querying the database, determining that the database lacks a stored previously generated response by the LLM associated with the assigned incident type; generating, using the LLM, a summary of the group of incident reports; based on the summary and determining that the database lacks the previously generated response by the LLM associated with the assigned incident type, generating a prompt associated with the incident type; and generating, using the LLM, a response to the incident report based on the prompt.

Description

TECHNICAL FIELD This disclosure relates to generating recommendations based on data set types. BACKGROUND Many entities require the ability to process large volumes of documents and extract relevant information therefrom. For example, some entities need to identify and group similar or related documents, and then perform actions on them, such as summarizing, resolving, recommending, or analyzing the documents. However, developing and maintaining such solutions for multiple different domains or applications can be time-consuming and error-prone, as they may require different data formats, grouping techniques, action outcomes, and domain knowledge. Moreover, existing solutions may not be able to handle diverse and complex data sets or provide customized and context-aware actions. SUMMARY One implementation of the disclosure provides a computer-implemented method of using a group action framework. The method includes obtaining an incident report and assigning an incident type to the incident report. The method also includes determining that the incident type has not been assigned to any prior incident reports and generating a prompt associated with the incident type based on determining that the incident type has not been assigned to any prior incident reports. The method also includes generating a response to the incident report based on the prompt using a large language model (LLM). Implementations of the disclosure may include one or more of the following optional features. In some implementations, the method further includes storing the response for the incident report at a database. In these implementations, determining that the incident type has not been assigned to any prior incident reports may include determining that the database lacks any response associated with the incident type. In some examples, the method further includes obtaining a second incident report and assigning a second incident type to the second incident report. In these examples, the operations may further include determining that the second incident type has been assigned to a particular prior incident report, identifying a second response associated with the second incident type stored at a database based on determining that the second incident type has been assigned to the prior incident report, and retrieving the second response for the second incident report. Here, the second response may be previously generated by the LLM based on the particular prior incident report. In some implementations, the method further includes extracting data from the incident report. Here, the method may further include determining one or more representative keywords for the incident report based on the extracted data. In these implementations, the operations may further include determining one or more representative incident reports based on the extracted data. The method may further include generating a descriptive prompt based on the extracted data and generating a description for the incident report based on the descriptive prompt using the LLM. In some examples, the method further includes grouping the obtained incident report with one or more other incident reports each assigned the same incident type as the obtained incident report. In these examples, each incident report in the group of incident reports may include a number of input tokens. Here, obtaining the incident report may include selecting the incident report from the group of incident reports based on the number of input tokens of each incident report. The method may further include generating a respective output using the LLM for each incident report in the group of incident reports and generating a summary based on the respective output generated for each incident report using the LLM. Another implementation of the disclosure provides a system that includes data processing hardware and memory hardware storing instructions that when executed on the data processing hardware causes the data processing hardware to perform operations. The operations include obtaining an incident report and assigning an incident type to the incident report. The operations also include determining that the incident type has not been assigned to any prior incident reports and generating a prompt associated with the incident type based on determining that the incident type has not been assigned to any prior incident reports. The operations also include generating a response to the incident report based on the prompt using a large language model (LLM). Implementations of the disclosure may include one or more of the following optional features. In some implementations, the operations further include extracting data from the incident report. Here, the operations may further include determining one or more representative keywords for the incident report based on the extracted data. In these implementations, the operations may further include determining one or more representative incident reports based on the