Profile picture
Charity Majors @mipsytipsy
, 16 tweets, 3 min read Read on Twitter
in honor of #monitorama and all the awesome talks and tweets, here is a mini-rant on why the common mantra "three pillars of observability: metrics, logs, and traces" is wrong, wrong, and wrong (or at least woefully outdated). with love. 📈❤️📉
first, some definitions.
📈 "metrics" can either mean a generic synonym for telemetry data, or "statsd-style integers with tags appended for grouping". the first is uselessly broad in this context.
📈 "logs" usually means unstructured strings written out to disk. (cont'd)
"logs" can be interpreted so broadly as to mean "any data emitted by any piece of software", but this is also uselessly broad. to most people it means strings => disk.
📈 and "tracing" generally means distributed tracing.

ok. definitions in hand now.
i will super grant that these are three types of telemetry that are broadly grouped by the majority of types of software that were available for consuming telemetry data, esp ~5 years ago. but it's a weird, weird set of choices thru any other lens.
what about stack traces? what about event-oriented instrumentation? what about APM? what about magical APM vs intentional instrumentation? what about exception handlers? what about aggregation vs sampling? what about aggregated tracing? what about...(she drones on forever)
rather than draw lines around how we set bits on disk, it makes more sense to draw lines around the *use cases* we have. (&& if we were better at thinking that way, would we have less of a devil's patchwork of "solutions" to eyeball and correlate between today?)
one clear line you can draw is between the health of the *system*, where context-stripped aggregates and metrics are helpful, and the health of the *event*, where they are actively misleading -- only event-oriented instrumentation (incl tracing) and sampling will help you.
and let's stop thinking and talking about UNSTRUCTURED STRINGS THAT WRITE TO DISK as being a valid life choice in the year 2018, shall we?

fuck logs. fuck disks for that matter, as anything more than a backoff+retry cache.
"logs" in the traditional sense of the term are a firmly deprecated solution for operational data. support them only with the same distaste you reserve for, oh, JMX 1.0.

structure your fucking data like a fucking adult. and don't flush to disk except as a temp replay cache.
if you structure your data, you get to break down and group by all those tasty, tasty high cardinality fields -- raw query, uuid, shopping cart id, etc.

this is ACTUALLY UN POSSIBLE with either metrics OR logs. this is a quantum leap in o11y functionality -- seems worth a nod.
and what is a trace, anyway? it's actually just another structured event, only depth-first rather than breadth-first like most events.

and what about exception trackers, e.g. @getsentry?? where do they fit in to these 3 pillars? (they don't, because it's not a sensible frame)
there's no quality shared by metrics, logs, and traces that breaks down into three pillars. they aren't all storage formats, or use cases, or instrumentation types, etc.

there's one storage format (metric), one use case (tracing), and one amorphous garbage heap (logs).
of the three: metrics are increasingly irrelevant/out of favor, logs are archaic and should be abandoned everywhere parents love their children, and traces are ... well traces are great. but only make sense as a pillar if the criteria are broken down by *use cases*.
anyway. in conclusion. if i had to propose a replacement Three Pillars, i'd start with use cases.

* health of the system (metrics, aggregation, time series)
* health of the event (structured log events, sampling, instrumentation)
* bugs in my code (exceptions, stack traces)
lots of different technologies, storage formats, and instrumentation techniques can be used to solve each of them, tho not every tool can be used to solve every problem.

this strikes me as the most reasonable and realistic accounting of modern tools & practices.
** oh yes ... tracing would fall under the "health of the event" bucket using that frame. tracing is *depth-first* event-driven debugging. something like honeycomb classic or scuba (and, i suspect, many competitive tools soon) is *breadth-first* event-driven debugging.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Charity Majors
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#monitorama

More from @mipsytipsy see all

Profile picture
this was such a great thread ⤵️ and I want to pull out this question of pay and credit.

✨Accruing all credit to a team manager for their team's achievements, and paying them more because of it, is some disempowering bullshit holdover from the factory day.✨
Engineering is a creative endeavor. So is managing engineers. In creative endeavors, you get people to do great work by supporting and inspiring them, then getting out of their way.

Taking credit for another person's creative output is stupid, and rightly galling.
In a capitalist system, compensation is a big part of how we demonstrate value.

If management isn't a promotion, prove it: pay the same (or less!) than engineers of the same level. The people who still want to become managers are the people you actually want managing.
Read 5 tweets
Profile picture
can't believe no one else has asked me this ☺️ and no, I gave up doing hands on work... back around the time I stopped managing engineers, come to think of it.

(and I have nightmares on the regular about never being a good engineer again)
However, I gave it up because I was doing a shit job as CEO due to lack of focus on vision and other new skills I desperately needed to level up on.

When you can retreat back into that place where everything makes sense, it hampers your development. For me at least.
I have daydreams about someday when everything is groovy, then I can take some time for building things. It does feed me, I do miss it desperately.
Read 4 tweets
Profile picture
btw ... going from line manager (managing engineers) to director (managing managers) is almost as much of a career change as going from engineer to manager.

you will suck at your job again, and you will have to rewire your brain's reward mechanisms again.
the metaphor i use is, as an engineer you get to use your hands to build a ship. as manager, you walk along the pier coaching and lending a hand.

as a director, you get a mission ("build 2x larger ships!") and a rusty fishing rod to wave at the managers to convey what you want.
almost all line managers rely on their personal charisma or subject authority to get their team to do things in some unique and unreplicable way.

once you become a director, you can't lean on instinct. what worked for you will not work for the managers who report to you.
Read 5 tweets

Related threads

Profile picture
Since I was a kid I wanted to watch "Close Encounters Of The Third Kind" by Steven Spielberg. Start the movie and first thing that comes up?

imdb.com/title/tt007586…

33 (x2 = 66)
#three #thirtythree #elevens #cabala #freemasonry #magic
Note the black on white/white on black for the numbers - inversion and opposites. 3 propellers.
When the little boy's record player starts playing. Lyrics begin "... of the shape of a square if you really want..." SQUARING THE CIRCLE
#freemasonry #magic #cabala #three #mysteryschools
Read 52 tweets
Profile picture
Time to learn about service meshes and microservices with Arijit Mukherji!
What’s keeping us from a world of easy software development? Service mess! What can help? Service mesh!
The talk is going to be more conceptual in nature - we aren’t taking a deep dive into a single mesh framework. #reInvent
Read 14 tweets
Profile picture
Today I'm going to #rant about #haskell libraries. I'm a Haskell supporter, I think it's a great language, but that doesn't mean it doesn't have problems. Some of them are surprising and I want to talk about them.
At the end of the rant I will have tips for developers using Haskell and for libraries developers (in any language, some rules are universal) so bear with me. It's a long rant but there is a good ending ;).
A preamble first: one of the reasons why I decided to study haskell is because haskell had a good way to deal with errors and invalid inputs/states.
Read 17 tweets
Profile picture
Leading off #Dash2018: @oliveur telling the story of how he and @alq founded Datadog in order to solve the problem they saw at previous companies of ops and dev teams being siloed and having communication breakdowns.
@oliveur @alq It doesn't make sense to look in different places for your application and infrastructure metrics, traces, and logs. You shouldn't have to guess where data is stored. #Dash2018
These three pillars of observability should be all in one place and easy to find. #Dash2018
Read 78 tweets
Profile picture
A Paid Gacha is going on in Fate Grand/Order for their Anniversary. Let me briefly and aimlessly #rant about whaling🐋 or freemium currency in games, mostly Love Live and FGO. Don't expect this to be very insightful or deep. Feel free to ignore me. #FGO #FateGrandOrder #LLSIF
Now In-app purchases are actually great for devs and consumer's alike. Apple kicked this off on the Apple store with Newstands. Games going free has allowed for greater market penetration. However it's a little scary when most of their money comes from a very tiny % of users.
I don't actively play Love Live School Idol Festival anymore. Yet I still login for my daily bonuses a couple times a week, and that's about it. It's still a fun rhythm game so I keep it installed for when I am in the mood for such a thing, which is once every few months. #LLSIF
Read 19 tweets
Profile picture
Mini-rant time.

Coming from Sudan, I'm used to most Americans either not knowing anything about Sudan or having extremely reductive views on the country ("Oh, you mean like Darfur?").

I'm also used to Sudan not being referenced all that much in American pop culture.
Recently, I was watching an episode of Brooklyn Nine-Nine.

*spoiler alert*

One of the characters, who holds the lovable-weirdo-everyone-tolerates trope, has had a lifetime ban placed on him ordering lunch for the team because he orders disgusting food.
He was recently injured so the team decided to lift the ban temporarily as a courtesy and let him order lunch. He exclaims that he's been "craving Sudanese all morning."

I'm like "oh no, not this."
Read 9 tweets

Trending hashtags

#thirtytwo #coverup #morals #surveillance #AmeRussia #secretschools #PlannedParenthood #Chairman #Motivation #RegisterAndReregister #GOPTrickleDownEconomicStimulus #RepRussian #legalaid #corruption #TheBeatles #RightsLivesAnDemocracyAtRisk #5g #AbolishWhiteSupremacistPatriarchy #TariffsAreTheGreatest #annualreport #courtcorruption #fashion #Design #jurisdiction #lbc

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!