Dynatrace Davis Alternative: Open Source AI Root Cause Analysis (2026)
Davis AI is powerful causal AI, but it is locked to the Dynatrace platform and OneAgent. Aurora is a free, open source, self-hosted, multi-cloud alternative.
Key Takeaways
- Davis AI is Dynatrace's hypermodal engine that converges predictive, causal, and generative AI, with the company's CTO stating that 'only causal AI can deterministically know the root cause of an issue' (Dynatrace press release, July 25 2023).
- Davis derives its precision from the Smartscape real-time dependency graph, which is built from telemetry collected by Dynatrace's proprietary OneAgent, so its causal analysis is bound to the Dynatrace platform.
- Dynatrace prices on the consumption-based Dynatrace Platform Subscription (DPS): Full-Stack Monitoring at 0.01 USD per memory-GiB-hour, Infrastructure Monitoring at 0.04 USD per host-hour, and Kubernetes Platform Monitoring at 0.002 USD per pod-hour.
- Aurora is an open source (Apache 2.0) AI SRE platform whose LangGraph-orchestrated agents actively investigate incidents across AWS, Azure, GCP, OVH, Scaleway, and Kubernetes, with no OneAgent and no platform lock-in.
- Aurora is self-hosted and air-gapped capable with bring-your-own-LLM via Ollama, and it executes `kubectl`, `aws`, `az`, and `gcloud` commands in sandboxed Kubernetes pods rather than only diagnosing (Aurora repo).
- Honest read: Davis wins on automatic baselining and topology at huge telemetry scale; Aurora wins on openness, multi-cloud without OneAgent, self-hosting, and active investigation plus human-gated remediation.
If you want the causal-AI rigor of Dynatrace Davis without the proprietary agent, the per-GiB-hour bill, and the single-vendor platform, this guide compares Davis with Aurora, an open source AI SRE agent, and explains exactly where each one is the better fit.
What is Dynatrace Davis?
Dynatrace Davis is the AI engine inside the Dynatrace observability platform, and it is best understood as a deterministic causal-AI reasoning layer rather than a standalone tool. Dynatrace describes Davis as a hypermodal AI that converges predictive AI, causal AI, and generative AI, with CTO Bernd Greifeneder stating that 'only causal AI can deterministically know the root cause of an issue' (Dynatrace, July 25 2023).
Davis applies 'deterministic, causation-based analysis across applications, services, infrastructure, logs, and traces,' and it 'establishes baselines, detects anomalies, and identifies root cause with topology and dependency context' (Dynatrace docs), using the Smartscape real-time dependency graph. That topology is not free: it is constructed from telemetry gathered by OneAgent, Dynatrace's proprietary single binary that auto-instruments hosts, processes, and services and that you install once per host. The generative layer arrived with Davis CoPilot, which reached general availability on October 10 2024 and turns natural language into Dynatrace Query Language.
Dynatrace, Inc. trades on the NYSE under the ticker DT after its 2019 IPO and is headquartered in Waltham, Massachusetts. OneAgent, Smartscape, PurePath, and Davis are all registered Dynatrace trademarks, which is a useful reminder of how tightly the causal engine is coupled to the proprietary stack underneath it.
What is Aurora?
Aurora is an open source, Apache 2.0 licensed AI SRE and incident-management platform from Arvo AI that actively investigates incidents instead of only correlating signals. When an alert fires, Aurora's LangGraph-orchestrated agents autonomously query your infrastructure, run commands, build a dependency graph for blast radius, and produce a structured root-cause analysis with remediation steps.
Concretely, Aurora queries cloud APIs across AWS, Azure, GCP, OVH, Scaleway, and Kubernetes, and it executes `kubectl`, `aws`, `az`, and `gcloud` commands inside sandboxed Kubernetes pods. It builds a Memgraph infrastructure knowledge graph to reason about blast radius, generates postmortems you can export to Confluence, Notion, or SharePoint, and can suggest code fixes or open pull requests. Aurora is self-hosted via Docker Compose or a Helm chart, is air-gapped capable, and is bring-your-own-LLM, so you can run local models through Ollama rather than sending telemetry to a vendor cloud. Destructive actions are human-gated. For deeper background on this active-investigation pattern, see our explainer on AI SRE versus AIOps.
Aurora ingests alerts by webhook from eleven monitoring connectors: PagerDuty, Datadog, Grafana, New Relic, OpsGenie, Netdata, Dynatrace, Coroot, ThousandEyes, BigPanda, and incident.io, plus a Slack bot. The Dynatrace connector matters here: you can keep Davis as your detection and baselining layer and forward its problems to Aurora for open, multi-cloud investigation and remediation.
Davis vs Aurora: a direct head-to-head
The cleanest way to frame this is detection and topology versus open investigation and execution. Davis is a deterministic causal engine optimized to pinpoint root cause within a single richly instrumented platform, while Aurora is a vendor-neutral agent optimized to investigate and act across many clouds without that instrumentation.
Where Davis is genuinely stronger. Davis performs automatic, auto-adaptive baselining across host, process, service, and custom metrics with no manual thresholds, and it correlates events that share a root cause into a single problem to cut alert spam (Dynatrace docs). Because Smartscape continuously maps vertical and horizontal dependencies from OneAgent and PurePath traces, Davis can reason about causality at very large telemetry scale with a determinism that an LLM-driven agent does not match. If you already run OneAgent everywhere and want hands-off anomaly detection plus precise topology, Davis is excellent at that job.
Where Aurora is genuinely stronger. Aurora is open source and self-hostable, so you can read the code, run it air-gapped, and avoid sending telemetry to a vendor. It investigates across AWS, Azure, GCP, OVH, Scaleway, and Kubernetes without requiring a proprietary agent on every host, which makes it a fit for multi-cloud incident management where deploying OneAgent fleet-wide is impractical or costly. Critically, Aurora executes: it runs cloud and kubectl commands in sandboxed pods and can open remediation PRs, where Davis primarily produces answers and hands remediation to external workflow actions.
Pricing model, stated honestly. Dynatrace publishes list rates on the DPS rate card: Full-Stack Monitoring at 0.01 USD per memory-GiB-hour, Infrastructure Monitoring at 0.04 USD per host-hour, and Kubernetes Platform Monitoring at 0.002 USD per pod-hour. There is no public per-investigation rate for Davis; it is bundled into consumption-based platform spend that scales with monitored memory and hosts. Aurora has no license fee at all under Apache 2.0; your only costs are the infrastructure you run it on and the LLM tokens you consume.
Comparison table
| Dimension | Dynatrace Davis | Aurora |
|---|---|---|
| License | Proprietary, part of the Dynatrace platform (trademarks per S-1) | Open source, Apache 2.0 (repo) |
| Deployment | SaaS platform, OneAgent installed per host (OneAgent) | Self-hosted via Docker Compose or Helm, air-gapped capable |
| Multi-cloud | Strong, but via OneAgent telemetry and Smartscape topology | AWS, Azure, GCP, OVH, Scaleway, Kubernetes with no proprietary agent |
| Investigation vs correlation | Deterministic causal root cause on a continuously baselined topology (docs) | LangGraph agents actively query infra and reason over a Memgraph graph |
| Write and execute actions | Answer-driven, remediation via external workflow actions | Runs kubectl, aws, az, gcloud in sandboxed pods, opens PRs, human-gated |
| Pricing model | Consumption-based DPS, e.g. 0.01 USD per memory-GiB-hour for Full-Stack Monitoring (rate card) | No license fee, you pay only for your infra and LLM tokens |
| Self-host and air-gap | No, vendor SaaS platform | Yes, self-hosted with bring-your-own-LLM via Ollama |
| LLM choice | Generative layer is Davis CoPilot, GA Oct 2024 (blog) | Bring your own: OpenAI, Anthropic, Google, or local models |
How Aurora fits alongside the tools you already run
Aurora is the AI investigation layer, not a routing or scheduling layer, so it sits on top of whatever alerting and on-call stack you keep. If you use PagerDuty, Datadog, Grafana, Netdata, Dynatrace, Coroot, ThousandEyes, or BigPanda for detection and routing, Aurora ingests those alerts by webhook and takes the investigation from there.
That layering is the point. You can keep Davis doing what it does best, namely automatic baselining and topology-aware detection inside Dynatrace, and forward its problems to Aurora so the actual investigation and remediation happen in an open, self-hosted, multi-cloud system you control. If you are evaluating where open agents fit in the broader market, our roundups of the top AIOps platforms for free root cause analysis and self-hosted AI SRE options put this trade-off in context.
Which should you choose?
Choose Dynatrace Davis if you are already standardized on the Dynatrace platform, can run OneAgent across your fleet, and want best-in-class automatic baselining plus deterministic, topology-aware root cause at large scale. Davis is a strong fit for organizations that value hands-off anomaly detection and accept consumption-based SaaS pricing in exchange for that depth.
Choose Aurora if openness, self-hosting, and multi-cloud breadth without a proprietary agent matter more than turnkey baselining. Aurora is the better fit when you need to investigate across AWS, Azure, GCP, OVH, Scaleway, and Kubernetes, when you want an auditable Apache 2.0 codebase you can run air-gapped, when you want to bring your own LLM, and when you want the agent to execute human-gated remediation rather than only produce an answer.
Many teams will not pick one and discard the other. The pragmatic pattern is Davis for detection and baselining inside Dynatrace, with Aurora as the open investigation and remediation layer on top, so you get causal precision where you have OneAgent and vendor-neutral action everywhere else.