Your dashboard is green. Every metric looks healthy. Then a customer reports that checkout has been failing for the past hour, and you have no idea why.
This scenario plays out in engineering teams every week, and it highlights a critical gap: the difference between monitoring and observability. In my experience working with production systems over the past decade, understanding where one ends and the other begins will change how you build and operate software.
What Monitoring Actually Does
Monitoring is the practice of collecting, aggregating, and alerting on predefined metrics. You decide in advance what matters, set thresholds, and get notified when those thresholds are breached.
Think of monitoring as a set of yes/no questions you have already written:
- Is CPU usage above 80%?
- Is the error rate above 1%?
- Is the response time above 500ms?
- Is the disk more than 90% full?
These are valuable questions. The problem is that they only cover failure modes you have already imagined. Monitoring is excellent at detecting known unknowns, the problems you can anticipate.
The Limits of Traditional Monitoring
Traditional monitoring tools work well for straightforward infrastructure. If your application is a single server running a monolith, a handful of dashboards will likely cover most of your operational needs.
But as systems grow more distributed, the number of possible failure modes grows exponentially. You cannot write alerts for every possible combination of partial failures, network latency spikes, and cascading timeouts. This is where monitoring hits its ceiling. I have found that teams running microservices architectures are the first to feel this pain acutely.
What Observability Really Means
Observability is a property of a system, not a product you buy. A system is observable when you can understand its internal state by examining its external outputs. The term comes from control theory ↗, where it describes whether you can infer the internal state of a system from its outputs alone.
In practice, observability means you can ask arbitrary questions about your system’s behaviour without deploying new code or adding new instrumentation. When something unexpected happens, you can explore, slice, and correlate your data to find the root cause.
The Three Pillars
Observability rests on three complementary signal types:
Logs are discrete, timestamped records of events. Structured logs (JSON rather than plain text) are far more useful because they can be queried, filtered, and correlated programmatically.
Metrics are numerical measurements collected over time. They answer questions about aggregates: request rates, error percentages, latency percentiles. Metrics are cheap to store and fast to query, making them ideal for dashboards and alerting.
Traces follow a single request as it travels through your system. In a distributed architecture, a trace shows you exactly which services were involved, how long each step took, and where failures occurred. Distributed tracing is often the most revealing of the three pillars, yet it is the least commonly adopted.
Comparing the Three Pillars
| Signal | What It Captures | Best For | Typical Tools | Storage Cost |
|---|---|---|---|---|
| Logs | Discrete events with context | Debugging specific requests, audit trails | ELK Stack, Loki, Splunk | High (verbose) |
| Metrics | Numerical aggregates over time | Dashboards, alerting, trend analysis | Prometheus, Grafana, Datadog | Low (compact) |
| Traces | Request paths through services | Diagnosing latency, understanding dependencies | Jaeger, Zipkin, Honeycomb | Medium (sampled) |
Why the Distinction Matters
The difference is not academic. It changes how you respond to incidents.
With monitoring alone, your incident response looks like this: an alert fires, you check the relevant dashboard, you look at the metric that breached its threshold, and you try to correlate it with something you recognise. If the problem matches a pattern you have seen before, you fix it. If it does not, you are stuck.
With observability, your response is different. You start with the symptom, then explore. You can group and filter your data by any dimension: user ID, region, feature flag, deployment version, request path. You follow the trail wherever it leads, even into territory you did not anticipate when you built the system.
A Practical Example
Imagine your API’s p99 latency has spiked. Monitoring tells you it happened. Observability lets you discover that the spike only affects users in a specific region, only on requests that hit a particular microservice, and only when that service calls a third-party API that started returning slower responses after their own deployment twenty minutes ago.
That level of diagnosis simply is not possible with predefined dashboards alone. According to the Honeycomb Observability Maturity Report ↗, teams with mature observability practices resolve incidents up to 70% faster than those relying on traditional monitoring alone.
Building Observable Systems
Observability is not something you bolt on after the fact. It requires intentional design decisions throughout your codebase. This is something I have learned the hard way: retrofitting observability into a production system is far more painful than building it in from the start.
Structured Logging
Stop writing console.log("something went wrong"). Instead, emit structured events with rich context:
{
"level": "error",
"message": "payment_processing_failed",
"user_id": "u_12345",
"order_id": "ord_67890",
"payment_provider": "stripe",
"error_code": "card_declined",
"latency_ms": 2340,
"region": "eu-west-1"
}Every field you include is a dimension you can later query, filter, and group by. The more context you attach to each event, the more questions you can answer without redeploying. If you are interested in how logging fits into the bigger picture, the developer’s guide to logging covers this in depth.
Meaningful Metrics
Not all metrics are created equal. Focus on the ones that reflect user experience:
- Request rate (throughput)
- Error rate (reliability)
- Latency distribution (performance), specifically p50, p95, and p99
- Saturation (how full your resources are)
These four, sometimes called the “golden signals” from Google’s SRE handbook ↗, give you a solid foundation. Add custom business metrics where they matter: sign-ups per minute, payments processed, search queries completed.
Distributed Tracing
If you run more than one service, invest in distributed tracing early. Propagate trace context through HTTP headers, message queues, and background jobs. Every span should include relevant metadata: the service name, the operation, and any business-relevant identifiers.
The setup cost is real, but the debugging speed improvement is transformative. Issues that once took hours to diagnose become solvable in minutes. If you are building a CI/CD pipeline, consider adding trace validation as part of your deployment checks.
Monitoring vs Observability: Key Differences
| Aspect | Monitoring | Observability |
|---|---|---|
| Approach | Predefined checks and alerts | Exploratory, ad-hoc investigation |
| Questions | Known in advance | Asked after the fact |
| Failure modes | Detects known unknowns | Helps diagnose unknown unknowns |
| Data model | Aggregated metrics | High-cardinality, rich context |
| Setup cost | Lower initial investment | Higher initial investment |
| Investigation speed | Fast for known patterns | Fast for novel issues |
| Scalability | Struggles with complex systems | Scales with system complexity |
Common Pitfalls
Collecting everything without purpose. More data is not automatically better. High-cardinality metrics can become expensive quickly, and noisy logs make it harder to find signal. Be intentional about what you instrument.
Treating observability as a tool purchase. Buying Datadog does not make your system observable. If your application emits poor-quality telemetry, no platform will save you. Focus on instrumentation quality first.
Ignoring the human side. Observability tooling is only useful if your team knows how to use it. Invest in runbooks, training, and blameless post-incident reviews that teach people how to investigate effectively. Writing good documentation that your team actually reads is just as important as the tooling itself.
Alerting on everything. Alert fatigue is a real problem. Reserve alerts for conditions that require immediate human action. Everything else belongs in a dashboard or a weekly review.
Getting Started
If your team is new to observability, start small. Pick one critical user journey, say, the checkout flow, and instrument it thoroughly. Add structured logging, track the key metrics, and implement tracing across the services involved.
Once you have seen the value in one area, the pattern becomes easy to replicate. You will find that teams naturally start asking for better instrumentation once they experience how much faster it makes incident response.
The goal is not to replace your existing monitoring. It is to build on it, creating systems that let you answer questions you have not thought of yet. In a world of distributed, constantly evolving software, that capability is not a luxury. It is a necessity.
Frequently asked questions
What is the difference between observability and monitoring?
Monitoring tells you when something is wrong by tracking predefined metrics and thresholds. Observability lets you understand why something is wrong by allowing you to ask arbitrary questions of your system using logs, metrics, and traces.
Do I need both observability and monitoring?
Yes. Monitoring provides essential alerting for known failure modes, while observability gives you the investigative power to diagnose novel issues. They complement each other rather than compete.
What are the three pillars of observability?
The three pillars are logs (discrete events), metrics (numerical measurements over time), and traces (the path of a request through distributed services). Together, they provide a comprehensive view of system behaviour.
Is observability only for microservices?
No. While observability became prominent alongside microservices adoption, any system benefits from better introspection. Even monolithic applications gain value from structured logging, meaningful metrics, and request tracing.
What tools should I use for observability?
Popular choices include Grafana and Prometheus for metrics, Jaeger or Zipkin for distributed tracing, and the ELK stack or Loki for log aggregation. Managed platforms like Datadog, Honeycomb, and New Relic offer integrated solutions.
Enjoyed this article? Get more developer tips straight to your inbox.
Related articles
How to Build a CI/CD Pipeline That Actually Works
Build a CI/CD pipeline that is fast, reliable, and maintainable. Practical patterns from real-world engineering teams.
David White 8 min read Docker for Developers: Beyond the Basics
Go beyond basic Docker usage with multi-stage builds, layer caching, security hardening, and production-ready patterns for developers.
David White 7 min read Feature Flags: A Practical Introduction
A practical introduction to feature flags covering implementation patterns, rollout strategies, and common pitfalls to avoid.
David White 8 min read
Comments
Join the conversation. Share your experience or ask a question below.
No comments yet. Be the first to share your thoughts.