Skip to content
PersonalNotes

Observability

Observability is a critical concept in modern software engineering and system operations, referring to the ability to understand the internal state of a system based on its external outputs. It ensures teams can monitor, debug, and improve systems, especially complex distributed architectures, by making them more transparent.

Benefits

  • Improved system reliability.
  • Faster incident resolution.
  • Insights for optimization and scaling.
  • Enhanced collaboration between development and operations teams.

Key Concepts

Metrics Quantitative measurements of system performance, such as CPU usage, memory consumption, request rates, or error counts. Metrics are numerical, aggregated data points used for monitoring trends over time.

Logs Structured or unstructured text records of events within a system. Logs provide detailed context for specific actions or errors, allowing root cause analysis.

Traces Records of end-to-end workflows or transactions within a system, showing how a request moves through various services and components. Distributed tracing is essential for understanding complex systems.

Instrumentation Embedding observability capabilities directly into the code to collect metrics, logs, and traces. Tools like OpenTelemetry standardize instrumentation.

Dashboards and Alerts Visual representations of collected data and automated notifications for anomalies or threshold breaches. These are vital for proactive monitoring.

Correlation and Context The ability to link logs, metrics, and traces together for a unified view of the system’s behavior, providing deeper insights during debugging and analysis.

Logs

Structuring Logs & Centralizing Logs

  • Structured Logs: Use JSON or similar formats to ensure logs are machine-parsable. Avoid unstructured plaintext.
  • Contextual Metadata - Log Enrichment: Include essential metadata like trace IDs, span IDs, user IDs, request IDs, environment details, and service names.
  • Severity Levels: Use consistent severity levels (INFO, WARN, ERROR, etc.) to prioritize attention.
  • Aggregation: Centralize logs using platforms like Elasticsearch, Logstash, and Kibana (ELK), Loki, or Splunk.
  • Retention Strategy: Define retention policies based on the criticality of logs. Archive less critical logs to cheaper storage (e.g., AWS Glacier).
  • Sampling Strategies: Implement log sampling to avoid overwhelming systems with high-velocity data in production.
  • Distributed Tracing Integration: Correlate logs with distributed tracing and metrics using identifiers like trace IDs. This enables end-to-end visibility in microservices.
  • Cross-Service Context Propagation: Ensure context metadata is passed through all services in a request chain.

Security and Compliance

  • PII Masking: Mask personally identifiable information and sensitive data before logging.
  • Access Control: Protect log data with proper role-based access controls (RBAC).
  • Audit Trails: Maintain immutable logging for audit compliance.

Log Standards and Best Practices

  • Open Standards: Adopt standards like OpenTelemetry for consistent instrumentation.
  • Minimal Useful Logs: Avoid excessive logging in production. Balance detail with verbosity.
  • Log Rotations: Automate log rotation and ensure disk storage limits are managed.
  • Proactive Logging: Log important state transitions, critical decisions, and boundary conditions.
  • Error Context: When logging errors, include stack traces and context to minimize debugging effort.
  • Health Monitoring: Periodically log service health checks and status updates.

Metrics

Metric Design and Structure

Key Characteristics:

  • Name Consistency: Use clear, descriptive, and consistent naming conventions (e.g., service_name.response_time.ms).
  • Labels (Tags): Add labels to enrich metrics, like environment=prod, region=us-east, or endpoint=/api/v1.
  • Dimensionality: Avoid excessive labels (high cardinality) that can overwhelm storage and query systems.

Types of Metrics:

  • Counters: For monotonically increasing values (e.g., request count, error count).
  • Gauges: For instantaneous values (e.g., CPU usage, memory consumption).
  • Histograms: For distribution analysis (e.g., request latencies).
  • Summaries: For pre-computed percentiles but with fewer aggregation options than histograms.

Metric Aggregation

  • Granularity vs. Cost: Use high-resolution metrics for critical systems (e.g., 10-second intervals). Aggregate less-critical metrics over longer intervals to reduce storage costs.
  • Rollups: Employ rollups for historical data (e.g., minute averages for 30 days, hourly for 1 year).

Correlation & Metric collection

  • Logs and Traces: Correlate metrics with logs (error spikes) and traces (latency outliers).
  • Contextual Metrics: Include trace or span IDs in metrics for deeper troubleshooting.
  • Instrument Libraries: Use libraries like OpenTelemetry, Prometheus client libraries, or StatsD. Instrument code for application-level metrics (e.g., request duration, cache hit rate).
  • System Metrics: Collect system-level metrics (e.g., CPU, disk I/O, memory) using tools like Node Exporter.
  • Service Discovery: Use dynamic scraping mechanisms to discover and scrape metrics from services (e.g., Prometheus service discovery).

Advanced Metrics Management & Security

  • High-Cardinality Metrics: Avoid excessive dimensionality in labels like unique user IDs or session IDs.
  • Custom Aggregation: Pre-aggregate data where possible to reduce downstream query loads.
  • Retention Policies: Implement tiered storage strategies to manage metric storage (e.g., high resolution for 30 days, lower for long-term).
  • Encryption: Ensure metrics in transit are encrypted (e.g., TLS for Prometheus endpoints).
  • Access Control: Limit metric access via RBAC to prevent exposure of sensitive operational data.

Scaling Metrics Infrastructure

  • Storage Backend: Choose scalable solutions (e.g., Prometheus with remote storage, Cortex, or Thanos).
  • Sharding: Distribute metrics collection and storage for large-scale systems.
  • Rate Limits: Configure collection and query rate limits to prevent abuse or accidental overloads.

Traces

Key Trace Components

Spans:

Represent individual operations within a trace. Each span should include:

  • Name: Clear and consistent, e.g., DB Query, HTTP GET /api/users.
  • Attributes: Contextual metadata like status codes, method names, or database query details.
  • Start/End Timestamps: High-precision timing for accurate duration calculations.
  • Parent Span ID: Links spans to construct the trace tree.

Trace ID: A unique identifier shared across all spans of a single request/operation.

Instrumentation

  • Open Standards: Use OpenTelemetry or similar standards to instrument your code.
  • Auto-Instrumentation: Leverage libraries that automatically instrument common frameworks (e.g., Django, Flask, Spring Boot).
  • Manual Instrumentation: Add custom spans for critical sections of code or business logic.
  • Correlation with Logs and Metrics: Embed trace IDs into logs and metrics to connect Observability pillars.
  • Custom Tags: Add tags that provide business and operational context (e.g., user_id, transaction_id, region).
  • Span Annotations: Use annotations to log intermediate data or decisions for deeper insights.

Trace Sampling

  • Dynamic Sampling: Sample based on error rates, request importance, or SLO violations. Example: Always trace requests with errors.
  • Adaptive Sampling: Dynamically adjust the sampling rate based on system load to balance granularity and storage costs.
  • Full Traces in Development: Enable 100% sampling in non-production environments for detailed debugging.

Scaling Trace Infrastructure

  • Trace Storage: Use backends like Jaeger, Zipkin, or commercial solutions like Datadog and Honeycomb.
  • Retention Policies: Store sampled traces long-term and full traces short-term for debugging.
  • Trace Indexing: Enable efficient search and filtering on attributes like service name, status code, or user ID.

Security and Privacy

  • PII and Sensitive Data: Avoid logging or tagging spans with sensitive user information. Mask or anonymize data where required.
  • Trace Access Control: Implement role-based access controls (RBAC) for trace viewing and analysis.
  • Encryption: Encrypt trace data in transit and at rest to secure sensitive operational details.

Distributed Tracing

Distributed tracing is a technique used to track and observe requests as they propagate through a distributed system, such as one built with microservices. It provides an end-to-end view of how each service interacts to fulfill a request, allowing developers and operators to identify bottlenecks, errors, and inefficiencies.

At its core, distributed tracing works by assigning a trace ID to every request, which remains consistent as the request moves across services. Within each service, individual operations are represented as spans, which are annotated with metadata such as timestamps, operation names, and contextual details (e.g., HTTP methods, query parameters). Spans are linked hierarchically, forming a trace tree that shows the request’s journey, including timing and dependencies.

Context Propagation

One of the critical challenges is ensuring that trace context (e.g., trace ID, parent span ID) is propagated across service boundaries, including through message queues, event streams, and external APIs. Standards like W3C Trace Context help maintain consistency across diverse platforms and languages.

Sampling Strategies

Given the potential volume of trace data, advanced sampling techniques are essential:

  • Dynamic Sampling: Prioritize traces based on factors like error presence, high latency, or business-critical endpoints.
  • Head-Based Sampling: Decide whether to trace at the request’s entry point.
  • Tail-Based Sampling: Evaluate and sample traces retrospectively, focusing on anomalies like long latencies or errors.

Common Interview Questions

Easy

What is observability in software systems? Observability is the ability to infer the internal state of a system based on its external outputs, such as logs, metrics, and traces. It helps engineers monitor, debug, and optimize complex systems effectively.
Name three key pillars of observability. The three key pillars are **logs**, **metrics**, and **traces**. Logs record discrete events, metrics provide numerical trends, and traces track the journey of requests through a system.
Why are metrics important in observability? Metrics provide a quantitative view of system performance and health over time. They enable monitoring trends like CPU usage, memory utilization, or request throughput.
What is a log, and how is it used? A log is a record of events or actions in a system, often timestamped and categorized. Logs help diagnose issues by providing context about what occurred at specific points in time.
What is distributed tracing? Distributed tracing follows a request or transaction as it propagates through various services in a distributed system. It provides a holistic view of latency and bottlenecks.
What role does instrumentation play in observability? Instrumentation involves embedding code or tools into a system to collect observability data. It is essential for generating metrics, logs, and traces.
Name some popular tools for observability. Prometheus, Grafana, Elasticsearch, Kibana, Datadog, and Jaeger are popular observability tools.
What is a dashboard in the context of observability? A dashboard visualizes observability data like metrics and logs, making it easier to monitor system performance and detect issues at a glance.
Why is alerting important in observability? Alerts notify teams of issues like high latency or resource exhaustion in real-time. They are essential for proactive monitoring and rapid response.
What is the difference between monitoring and observability? Monitoring focuses on watching predefined metrics, while observability provides the ability to explore and understand system behaviors dynamically.

Medium

How do metrics differ from logs in observability? Metrics are numerical, aggregated data points that show trends (e.g., CPU usage), while logs are detailed, event-specific records providing contextual information (e.g., an error log).
What is the significance of high-cardinality data in observability? High-cardinality data, such as user IDs or IP addresses, provides granular insights. While useful, it can increase storage and processing costs, requiring efficient handling.
Explain the purpose of OpenTelemetry in observability. OpenTelemetry is an open-source framework for generating, collecting, and exporting logs, metrics, and traces. It standardizes observability practices across tools and platforms.
How do you correlate logs, metrics, and traces during debugging? By linking identifiers like request IDs or timestamps, engineers can trace an issue's lifecycle across logs, metrics, and traces to diagnose root causes effectively.
What is service-level objective (SLO), and how does it relate to observability? An SLO is a target performance metric for a service, such as 99.9% uptime. Observability ensures teams can monitor and maintain adherence to these objectives.
What is the difference between sampling and aggregation in tracing? Sampling reduces the volume of trace data by selecting representative samples, while aggregation summarizes data, like showing average latency, to save storage and processing costs.
Why are anomaly detection algorithms useful in observability? They automate the identification of unusual patterns or outliers in metrics and logs, enabling quicker detection of issues that might go unnoticed manually.
What is log enrichment, and why is it useful? Log enrichment adds context to raw logs, such as user information or service metadata. It helps in debugging and analytics by providing more meaningful insights.
What is a span in distributed tracing? A span represents a single unit of work or operation within a distributed system. Spans are linked to form a trace, which shows the end-to-end flow.
How does observability improve collaboration between development and operations teams? By providing shared visibility into system behavior, observability fosters collaboration. Both teams can identify and address issues together using the same data.

Hard

How do you handle high-cardinality metrics in a large-scale system? Techniques like bucketing, sampling, or dimensionality reduction can manage high-cardinality data. Efficient storage solutions like Prometheus’s time-series database also help.
What challenges arise in observability for microservices, and how do you address them? Challenges include fragmented data, inter-service dependencies, and high data volumes. Solutions include distributed tracing, centralized logging, and robust alerting strategies.
How do you design an observability stack for a highly available system? Use resilient tools like Prometheus for metrics, ELK stack for logs, and Jaeger for tracing. Ensure redundancy, scalability, and automated failover mechanisms.
What is tail sampling, and when is it used in tracing? Tail sampling selects traces retrospectively based on their significance, such as error traces. It ensures important traces are retained without overwhelming storage.
How do you monitor and manage resource usage of an observability system itself? Instrument the observability tools to collect metrics on their resource consumption. Optimize storage and processing configurations and enforce retention policies.
What is the role of context propagation in distributed tracing? Context propagation ensures identifiers like trace IDs flow between services, allowing seamless linking of spans across the distributed system.
How do you address noisy alerts in an observability setup? Implement alert tuning by adjusting thresholds, using deduplication, or employing rate-limiting to avoid overwhelming teams with non-critical alerts.
Explain the difference between push and pull models in metrics collection. In the push model, systems send metrics to a collector. In the pull model, the collector queries systems for metrics. Prometheus uses a pull-based approach for flexibility.
How can observability be integrated into a CI/CD pipeline? Incorporate monitoring of builds, automated tests, and deployments. Collect observability data to track performance regressions and detect issues in real-time.
How would you debug a high-latency issue in a distributed system? Use distributed tracing to identify where the latency is introduced. Combine traces with metrics like request durations and logs to pinpoint bottlenecks and their root causes.