Aurora Troubleshooting Assistance is Auvik's AI-powered alert investigation tool. It analyzes triggered alerts—combining alert details, device context, topology, performance data, and historical patterns—to deliver a probable root cause hypothesis and actionable diagnostic steps directly in the Auvik UI.
During the beta, Aurora is available on the Essentials, Performance, Core, and Advanced tiers.
How Aurora Works
When you open a triggered alert in Auvik, Aurora is ready to help you investigate. Follow the steps below:
Open a triggered alert — Navigate to the alert you want to investigate in the Alerts view.
Click the Aurora button — In the alert details, click the AI button to start a troubleshooting session. Aurora automatically analyzes the alert using all available context (no configuration required).
Review the initial analysis — Aurora presents a probable root cause hypothesis, supporting evidence, and suggested diagnostic commands.
Run the suggested diagnostics — Execute the recommended commands on your device using your usual CLI or management tools.
Paste output back into the chat — Copy the command output, log snippets, or other findings and paste them into the Aurora conversation.
Iterate — Aurora refines its analysis based on your new evidence, updates its hypothesis, and suggests further diagnostic steps. Continue the cycle until you reach a resolution or are ready to escalate.
You can ask follow-up questions at any time, such as:
"What does this output indicate?"
"What should I check next?"
"Does this point to a likely root cause?"
Data Context Used Automatically
For each alert investigation, Aurora automatically gathers and analyzes the following data (when available). You do not need to configure or provide these inputs manually:
| Data Context | Description |
|---|---|
| Alert Data | Alert details including type, severity, timestamps, status, and trigger conditions |
| Syslog Lines | Syslog entries associated with the device around the time of the alert |
| Performance Data | Device utilization and performance chart data |
| Network Topology | ARP and FDB tables to understand the network topology around the device |
| Historical Alerts | Previous alerts for this device over the past 7 days |
| Interface Stats | For Interface alerts, statistics (speed, duplex, admin status, utilization) when the alert is interface-related |
| Device Attributes | General device details including vendor, model, firmware version, and admin status |
| Northstar | An array of devices on the network path to the Northstar device |
When an alert matches an out-of-the-box (OOTB) preconfigured alert or similar conditions, Aurora also incorporates Auvik's published KB articles for that alert type. See Preconfigured Alerts and Default Settings.
Capabilities
Aurora provides intelligent, context-aware troubleshooting across a wide range of network alert scenarios. Aurora can only assist with troubleshooting the current triggered alert. It cannot help with general networking questions, non-alert topics, or tasks outside the scope of the alert being investigated.
Confidence Scoring
Each analysis includes a confidence percentage that reflects the strength of available evidence. Confidence adjusts dynamically as you provide new information or when data gaps are identified.
Single Highest-Confidence Root Cause
Aurora delivers exactly one possible hypothesis per analysis — the single most likely explanation based on all available evidence. This focused approach avoids overwhelming you with multiple competing theories and gives you a clear starting point for investigation.
Alert-Family-Specific Logic
Aurora applies specialized analysis logic depending on the alert family, prioritizing the most relevant data sources for each:
Offline / Reachability — Distinguishes device failure from upstream path loss, collector visibility loss, or transport loss
Interface alerts — Prioritizes interface stats, performance data, and topology context
Routing / Protocol — Focuses on syslog, network path, and historical patterns
HA / Failover — Checks for sync failure, heartbeat issues, power events, software changes, or resource spikes before failover
Resource alerts — Prioritizes performance snapshots and historical trends
Config / Change alerts — Focuses on historical context, syslog, and device details
Hardware / Power — Prioritizes syslog, historical context, and device metadata
VPN / Firewall capacity — Prioritizes performance data and historical trends
VMware alerts — Focuses on historical context, syslog, and performance
Printer / Endpoint — Prioritizes alert data and historical context
Replication / Service degradation — Focuses on syslog, performance, and network path
Smart Alert-Type Handling
Aurora applies specific logic for certain alert types:
Packet Discards — Compares discards to interface utilization and speed; does not default to "congestion" when throughput is low relative to capacity
Packet Errors — Favors physical or link-quality causes first
Offline — Distinguishes between device failure, upstream path loss, collector visibility loss, and transport loss
Default Route Change — Correlates with WAN loss, HA failover, routing events, or interface flaps
HA Failover Detected — Checks for sync failure, heartbeat/link issues, power events, software changes, or resource spikes
Vendor-Aware Diagnostic Commands
Aurora provides diagnostic commands tailored to the specific device vendor. When the vendor is unknown, generic equivalents are provided. For GUI-managed platforms (such as Meraki), Aurora provides read-only GUI navigation checks instead of CLI commands.
Firmware and Software Awareness
When firmware or software version information is available, Aurora considers whether the version could plausibly relate to the alert symptoms.
Best Practices
Start with the initial analysis — Review Aurora's hypothesis and evidence before running any commands. The initial analysis often points you in the right direction.
Run one or two commands at a time — Aurora works best when you provide focused evidence. Run the suggested diagnostics and paste the output back before moving to the next step.
Include full command output — Paste complete, unedited command output or log snippets. Partial output may lead to less accurate analysis.
Use Aurora's summaries for documentation — Aurora's structured analysis (hypothesis, evidence, timeline) can be used to improve your alert triage documentation and incident notes.
Know when to escalate — If Aurora recommends escalation, consider engaging a senior engineer or vendor support. Aurora's analysis up to that point serves as useful escalation documentation.
Check for missing data — If Aurora flags missing data contexts, consider whether you can provide that information to improve the analysis.
For more information, check out the Aurora Troubleshooting Assistance FAQ.