Profile picture
, 9 tweets, 3 min read
1/ First things first: Metrics, Logs, and Traces are not “the three pillars of observability.”

They are just the raw materials – the *telemetry* – and we must reframe our discussion of observability around use cases and problems-to-solve.

Thread:
2/ The conventional wisdom looks like this…

Observability is this cool 6-syllable word that you know you want because it’s trendier than monitoring. And you get it (somehow) by purchasing Logs, Metrics, and Tracing.
3/ Of course, that makes no sense.

TL;DR, the people making the most noise about “metrics, logs, and traces as the three pillars of observability” are trying to sell them all to you. (Separately, of course)

How could the right observability workflow be so fragmented??
4/ The metrics, logs, and traces are all part of the story, but they are “the telemetry,” not “the observability.” Don’t confuse the two – conceptually, they are totally different. (PS: for high-quality, portable, easily-integrated telemetry, bet on @OpenTelemetry)
5/ Per the diagram ^^^, metrics, logs, and traces aren’t even conceptually distinct. Most metrics and logs describe end-to-end transactions, and thus derive from or decorate Spans.

Really, “metrics, logs, and traces” are more like “Spans, more spans… and some metrics and logs.”
6/ For microservices, 99.X% of observability use cases fall into one of two overarching themes:

1) Releasing new functionality with confidence
2) Minimizing SLO (“Service Level Objective”) violations

(For more on SLOs, see and/or oreilly.com/library/view/t…)
7/ The first allows us to introduce new semantics/features, and the second makes our services dependable actors in the larger system, application, and *business*.

Most everything else (alerting, performance tuning, CI/CD, etc) rolls up into one of these broader use cases.
8/ We can only advance our practice of observability by getting away from the primitive idea that logs, metrics, and traces are *products*, and instead to see them as telemetry (that is, as *inputs*) to a modern observability solution (ahem, like @LightStepHQ).
9/ Once we reframe the problem in this way, we see what world-class observability can really be…

Scalable.

Robust.

Simple.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Ben Sigelman
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @el_bhs see all

Profile picture
Ben Sigelman
@el_bhs
For observability, scale is a red herring: what really matters is *depth*.

And once you start thinking about “deep systems,” you realize why conventional observability dogma is nonsensical. And also why tracing will become the foundation for effective observability.

Thread: /0
First, let’s talk about scale and why it’s the wrong way to think about system complexity.

“Scale” refers to throughput, cost, developer headcount, or some other linear attribute of a system. /1
You can deploy a simple function that resizes images without making any system calls, wrap it in an RPC handler, and scale that to your heart’s content: observability will be straightforward (though justifying your compute bill may be a different story!). /2
Read 10 tweets

Related threads

Profile picture
Charity Majors
@mipsytipsy
Thread of the month. Go read it. I'll wait.
In 2016 when we started working on honeycomb, observability was, to the software industry, just an obscure synonym for telemetry.

If you had heard it before, you probably knew someone on the internal tools team at Twitter.
Over the past 3.5 years, we have done a *ton* of work to flesh out that definition, to propose a technical spec that is useful, generalizable, and effective for complex systems observability, and to explain why earlier solutions had stopped working.
Read 12 tweets
Profile picture
Liz Fong-Jones (方禮真)
@lizthegrey
Next up, @luke_demi_ about observability at Coinbase #monitorama
@luke_demi_ They store very, very, very high-value private keys on behalf of their users. and it's very public when cryptocurrency exchanges mess up... #monitorama
They keep very extensive auditing logs, and that's what they thought of as o11y 3 years ago. But they realized it wouldn't enable them to scale up by a factor of 10 in May 2017 when their website collapsed under load for *days*... #monitorama
Read 31 tweets
Profile picture
Charity Majors
@mipsytipsy
this is a lovable mess of a wall of text about observability and complex systems that nevertheless manages to hit all the top consequences and learnings: blog.mi.hdm-stuttgart.de/index.php/2019…
in fact i love it enough that i'm going to strenuously argue with it.

(while reminding myself that it's a measure of success for people to take the things you arrived at through blood sweat and tears and consider them "things everybody knows and says")
but: there are not "three pillars" of observabiity. there is only one data structure that underpins observability: the arbitrarily-wide structured data blob. consider:

* metrics are trivially derived from it
* logs are a sloppy version of it
* traces are a visualization of it
Read 12 tweets
Profile picture
Charity Majors
@mipsytipsy
✨THERE ARE NO✨
✨THREE PILLARS OF✨
✨OBSERVABILITY.✨

and the fact that everybody keeps blindly repeating this mantra (and cargo culting these primitives) is probably why our observability tooling is 10 years behind the rest of our software tool chain.
I'm not joking. I think it's incredibly harmful. And inaccurate. It's as though someone declared there are "Three Pillars of Software Engineering: Compiled Languages, Functional Languages and Linked Lists."

you'd be like... "whaaa?"
"Three Pillars" implies some sort of definition. But "metrics, logs and traces" are a random grab bag! Two primitive data storage types (one of which should never be used anymore) and one visualization layer (for third type which isn't named!).

This drives me BATSHIT.
Read 11 tweets
Profile picture
Liz Fong-Jones
@lizthegrey
Leading off #Dash2018: @oliveur telling the story of how he and @alq founded Datadog in order to solve the problem they saw at previous companies of ops and dev teams being siloed and having communication breakdowns.
@oliveur @alq It doesn't make sense to look in different places for your application and infrastructure metrics, traces, and logs. You shouldn't have to guess where data is stored. #Dash2018
These three pillars of observability should be all in one place and easy to find. #Dash2018
Read 78 tweets
Profile picture
Charity Majors
@mipsytipsy
in honor of #monitorama and all the awesome talks and tweets, here is a mini-rant on why the common mantra "three pillars of observability: metrics, logs, and traces" is wrong, wrong, and wrong (or at least woefully outdated). with love. 📈❤️📉
first, some definitions.
📈 "metrics" can either mean a generic synonym for telemetry data, or "statsd-style integers with tags appended for grouping". the first is uselessly broad in this context.
📈 "logs" usually means unstructured strings written out to disk. (cont'd)
"logs" can be interpreted so broadly as to mean "any data emitted by any piece of software", but this is also uselessly broad. to most people it means strings => disk.
📈 and "tracing" generally means distributed tracing.

ok. definitions in hand now.
Read 16 tweets

Trending hashtags

#Lodi #MAGIC #IPHONEx #PAEC #Kamranbhat #American #protection #THANKYOU #official #Confirmed #Raiwind #WTO #Daniel #PASCOSHERIFF #JuA #OMITTED #Thailand #Malaysia #Iran #BULLSHIT #PascoProud #US #Raw #Lashkar #SouthKorea
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!