Three Pillars of Observability                 

By Staff Contributor on December 6, 2023

Observability is crucial in modern software systems, especially regarding distributed and complex architectures. It entails understanding, measuring, and gaining insights into what’s happening within the system by analyzing data from various sources. Observability enables developers, operational teams, and other stakeholders to troubleshoot and understand the behavior of their applications and infrastructure.

In this post, we’ll cover the traditional pillars of observability, another pillar to consider, and how to leverage each to monitor and troubleshoot systems. This ensures systems have improved reliability, fast incidence response, and better performance while maintaining high-quality software.

Reasons for Using an Observability Approach Over Traditional Monitoring Approaches

The traditional monitoring approach involves using predefined metrics and monitoring tools to keep track of the system’s performance and health. It monitors key performance indicators (KPIs) and predefined thresholds to alert administrators when specific metrics exceed predefined limits.

However, the observability approach offers several compelling reasons to choose it over the traditional monitoring approach, as explained below:

  • Visibility into Complex Systems: Observability provides deep insights into the complex and distributed systems that involve microservices, containers, and serverless architectures. It allows engineers to better understand the system’s internal states and interactions that traditional monitoring cannot reveal.
  • Adaptability to Change: Traditional monitoring relies on predefined metrics unsuitable for the evolving system and new components added. Observability can handle constant changes and supports adding new features without modifying the monitoring infrastructure.
  • Support for Unknown Unknowns: In traditional monitoring, you can only monitor what you know you need to measure. However, typical systems don’t work that way, as unprecedented issues may occur. Observability allows engineers to explore vast data and uncover patterns they were not explicitly looking for.

Observability is becoming increasingly popular in modern application development and operations. This is because it provides a deeper understanding of complex systems and enables more effective monitoring and problem-solving.

Three Pillars of Observability

The three traditional pillars of observability include metrics, logs, and traces. Leaders in the space have identified end-user monitoring as a fourth pillar needed to unlock true full-stack observability. These pillars collectively form a concrete foundation for building a comprehensive observability strategy.


Metrics refer to quantitative measurements that provide insights into a system’s behavior, performance, and health. These metrics are typically collected and recorded over time. They assist developers and operators in understanding their system’s current state, identifying trends, and detecting anomalies.

Roles of Metrics in Observability

The roles of metrics in observability are crucial, and they include the following:

  • Performance Monitoring: Metrics help to track the performance of various system components, such as CPU usage, memory consumption, and network throughput. By monitoring these metrics, teams can identify performance bottlenecks and optimize resource allocation.
  • Issue Detection and Troubleshooting: Occasionally, unexpected behavior and errors occur in a system. Metrics play a crucial role in identifying root causes. Deviations and anomalies in metrics indicate potential issues that require investigation and resolution.
  • Capacity Planning and Scalability: Metrics help forecast resource requirements and plan capacity upgrades to enable the system to handle increasing workloads. This ensures that the system can scale effectively as the demand grows.

Types of Metrics

There are various types of metrics that measure observability. Some of the commonly used are:

  • Counters: These metrics continuously increase over time and represent a count of specific events or occurrences. They track the number of times an event happens, such as the total number of requests, errors, or messages processed.
  • Gauges: These metrics represent a single value at a particular point in time. Unlike counters, gauges can go up and down, reflecting instantaneous measurements of a specific state.
  • Histograms: They observe the distribution of values over time. Histograms group data into configurable ranges and track the frequency of data points falling into each range. They help analyze the spread of values, identify outliers, and calculate percentiles.

Methods of Collecting Metrics in Observability

In observability, collecting metrics data plays a fundamental role in monitoring and understanding the behavior of a system or application. Several methods exist for collecting metrics data, and the choice of method depends on several factors, such as the nature of the system, the scale of infrastructure, and the monitoring tools in use. Some of the standard methods include the following:

  • Instrumentation Libraries: They collect metrics directly from the application code. Developers can add code snippets or use pre-built libraries that automatically gather and report relevant metrics to the monitoring system.
  • API Endpoints: Some systems expose their API endpoints specifically for metrics collection. Monitoring tools can request that these endpoints fetch the current metric values.
  • Agents and Proxies: Dedicated agents and proxies are deployed alongside applications to collect metrics. These agents extract data directly from the application memory, runtime, or network interfaces. They then send the collected data to the central monitoring system.

How to Use Metrics in Observability

Next, we’ll look at some of the scenarios where metrics help identify and troubleshoot various system issues:

  • High CPU Usage: If the CPU usage metrics show a sustained high percentage, the system is under heavy load and might be experiencing performance issues.
  • Increased Error Rate: A sudden increase in the error rate metric can signal application stability or functionality issues. The team should investigate the error logs corresponding to the spike in errors to identify the root cause and address the underlying problem.
  • Memory Leaks: A gradual increase in memory utilization over time may suggest a memory leak in the application. The team may need to monitor and compare the memory usage trend to normal behavior.

In summary, by monitoring a wide range of relevant metrics and analyzing their trends and patterns, teams can gain valuable insights into system behavior and identify issues proactively.


Logs are records of events, activities, and messages generated by various components within the software system. These events may include error messages, warning messages, informational messages, and other relevant data useful in monitoring and analyzing the system’s health and performance.

Roles of Logs in Observability

The primary role of logs in observability is to provide visibility into the system’s internal workings. Below are some of the critical functions of logs in observability:

  • Debugging and Troubleshooting: When an error or unexpected system behavior occurs, developers and system administrators may refer to logs to understand the sequence of events leading up to the issue, hence pinpointing the root cause.
  • Performance Monitoring and Optimization: Logs provide valuable insights into the system’s performance through analysis of performance-related logs. From them, teams can identify bottlenecks, inefficiencies, and areas of optimization.
  • Security and Intrusion Detection: Unusual and suspicious activities are identified by analyzing the logs, hence aiding in detecting potential security breaches.

Categories of Logs

Logs are categorized into different types depending on the nature of the information they capture and in which context they are used. There are many types of logs in observability, and how they can be used to troubleshoot problems is explained below:

  • Application Logs: These logs gather information about the application’s internal state, actions performed, and events triggered during its execution. They play a vital role in assisting developers and operators in understanding the application’s behavior, diagnosing issues, and tracking bugs.
  • Server Logs: They record server-related activities such as incoming requests, server errors, resource usage, and server status. These logs are vital for monitoring server health, identifying performance bottlenecks, and optimizing resource utilization.
  • Access Logs: They capture information about incoming requests of a web server or API, including details such as the IP address of the client, the requested resource, the timestamp, the HTTP method used, and the response status code. Access logs help understand traffic patterns, identify potential security threats, and analyze the usage of specific endpoints or resources.

To effectively leverage logs for observability, organizations should strive for centralized logging solutions that aggregate logs from different sources, making them easily searchable and analyzable.

Methods of Collecting Logs in Observability

In observability, various methods and tools are employed to collect log data effectively. Below are some of the standard logs collection methods:

  • Logging Libraries and Frameworks: Most programming languages have libraries and frameworks developers can use to instrument their applications and log relevant events. These libraries allow developers to define log levels, log formats, and destinations.
  • Syslog: This refers to a standard protocol that sends log messages to a central logging server. Applications and services can be configured to send their logs to a syslog server, facilitating centralized log management.
  • Container Logging: For applications running in containers like Docker, container logging drivers or plugins can capture logs generated within the containers and forward them to the host system or a centralized log collector.

Note that log data collection methods can be combined for more comprehensive observability.


A trace is a sequence of events that occurs as a request or transaction flows through a distributed system. Each event within a trace represents a distinct operation/action that is part of the overall request’s journey across different services/components.

Traces are an essential component of distributed tracing, a technique that monitors and troubleshoots complex systems, especially those built using a microservices architecture.

Roles of Traces in Observability

Traces play a vital role in achieving observability in the following ways:

  • Request Flow Visualization: Traces allow the developers to visualize the entire path of a request or transaction through the system. This helps in understanding the flow of operations and identifying any potential bottlenecks or performance issues.
  • Latency Analysis: By recording the timestamps of each event in a trace, it’s possible to measure the time taken for each operation. This helps pinpoint where the delays occur and identify the root causes, enabling the teams to optimize the system’s performance.
  • Distributed Context Propagation: Traces include a unique identifier that ties together all the events related to a single request or transaction. This identifier allows for distributed context propagation, enabling tracking and correlating of logs, metrics, and other telemetry data associated with the same request across different services.

How to Use Traces in Observability

Traces play a significant role in troubleshooting problems in complex distributed systems. Below are some of the scenarios where traces are useful in identifying and resolving issues:

  • Service Dependency Issues: When a particular service is experiencing problems, traces can direct you to other dependent services and how they interact. If the issue lies with the downstream service, the trace can highlight the point of failure and guide you to the problem’s guide.
  • Concurrency and Parallelism Issues: Traces are helpful in revealing potential concurrency or parallelism problems in your application. Therefore, by inspecting the trace data, you can determine if multiple requests are interfering with each other, leading to deadlocks, race conditions, or contention problems.
  • Excessive Retry Attempts: Traces can highlight excessive retry attempts from an application/service, indicating that a service might be experiencing temporary issues. Investigating the trace can help you determine whether the retries are due to legitimate transient failures or indicate deeper problems that need to be addressed.

In summary, traces provide detailed insights into the behavior of a distributed system, making them indispensable for troubleshooting problems.

The Fourth Pillar: End User Experience

In the landscape of observability, the end-user experience emerges as an increasingly pivotal pillar. This component focuses on how users perceive, interact with, and feel about a given system or application. While backend metrics might indicate optimal functionality, real success is measured by user satisfaction and ease of use. A system’s real-world performance is determined by its internal metrics and how real users experience its functionality in live environments.

Roles of End User Experience in Observability

End-user experience is not merely a supplementary aspect of observability but plays foundational roles in the broader context. Specifically:

  • Performance Perception: Unlike backend metrics, the end-user experience captures how quickly and efficiently users feel the system responds.
  • Usability Assessment: It offers insights into how intuitive and user-friendly an application is, highlighting areas that might lead to user frustration or drop-offs.
  • Error Recognition from User’s View: While internal logs might catch technical glitches, the end-user perspective captures bugs or issues that genuinely affect usability.

How to Use End User Experience in Observability

Incorporating end-user experience into observability requires a nuanced approach that emphasizes user-centric data:

  • Feedback Integration: Regularly solicit and integrate user feedback to understand and prioritize areas for system improvement.
  • Performance Metrics: Monitor metrics like page load times, click response rates, and navigation ease, emphasizing areas that users most frequently interact with.
  • Behavioral Analytics: Utilize tools that track and analyze user behavior, pinpointing segments where users might struggle or drop off.

The end-user experience reflects a system’s genuine performance in the real world. By focusing on this fourth pillar, teams can ensure their systems are not only technically sound but also resonate positively with their intended audience.

In the following section, we’ll examine some of the tools used to perform observability.

Popular Tools Used in Observability

Organizations are leveraging observability tools in their complex systems. Several tools for observability exist in the market today, as highlighted below:

  • SolarWinds® Observability is a SaaS-delivered, integrated, full-stack observability solution built to connect data from web applications, their services, cloud and hybrid infrastructure such as Kubernetes, AWS, and Azure, as well as databases and end-user experience. It delivers holistic business insights, operational intelligence, and intelligent automation to help solve complex business problems. In addition, the tool simplifies business processes, optimizes the DevOps team’s performance, and increases business-critical systems’ reliability. SolarWinds Observability stands out from other solutions because of its inclusion of the fourth pillar, end-user monitoring, to unlock full-stack observability. SolarWinds also offers an on-premises observability solution, Hybrid Cloud Observability, for teams needing an on-prem solution.
  • Prometheus is an open-source monitoring and alerting toolkit that collects and stores time-series data in time-series databases. Prometheus provides a powerful querying language and integrates well with Grafana for visualization.
  • Grafana is an open-source platform used in data visualization and monitoring. Grafana can connect to various data sources, such as Prometheus, and provides flexible and interactive dashboards to display metrics and logs.

All said, the landscape of observability tools is undoubtedly evolving, and new tools and features are emerging. It’s essential to stay up-to-date with the latest developments in the field in order to choose the most suitable tool for your specific needs. SolarWinds Observability integrates most of the tools needed for observability and incorporates all four pillars. Furthermore, it has been built for DevOps, so why not try their free trial today?

Wrapping Up

In conclusion, observability is indispensable to modern system design and maintenance. It empowers teams to promptly detect, diagnose, and respond to issues, leading to more reliable, performant, and secure systems. As technology continues to evolve, the importance of observability will only grow, shaping the way we build and manage complex systems in the future.

This post was written by Verah Ombui. Verah is a passionate technical content writer and a DevOps practitioner who believes in writing the best content on DevOps, and IT technologies and sharing it with the world. Her mission has always remained the same: learn new technologies by doing hands-on practice, deep-dive into them, and teach the world in the easiest possible way. She has good exposure to DevOps technologies such as Terraform, AWS Cloud, Microsoft Azure, Ansible, Kubernetes, Docker, Jenkins, Linux, etc.

Related Posts