Beyond Green Lights: Why Monitoring Fails and Observability Saves Your Stack
It is 03:14 AM on a Tuesday. Your PagerDuty triggers a critical alert: High Latency: API Gateway. You open your Grafana dashboard. The CPU is idling at 15%. Memory usage is flat. The disk queue is empty. According to your dashboard, the server is perfectly healthy. Yet, 40% of your requests are timing out.
This is the failure of traditional monitoring. It focuses on the known unknowns—the metrics you predicted might break. But in distributed systems, it is the unknown unknowns that kill you. This is where Observability steps in.
The Core Distinction: It's Not Semantics
Many vendors treat "Observability" as a synonym for "expensive monitoring." Ignore them. The distinction is architectural:
- Monitoring answers: "Is the system healthy?" (Binary: Up/Down, Slow/Fast).
- Observability answers: "Why is the system behaving this way?" (Contextual: High cardinality).
If you are managing infrastructure in Norway, likely adhering to strict SLAs for local businesses, you cannot afford to guess. You need to inspect the internal state of the system based on its external outputs.
The Three Pillars in 2022
To achieve observability, we rely on three data types: Metrics, Logs, and Traces. Let's look at how to implement these correctly, assuming a Linux environment (standard on CoolVDS instances).
1. Metrics: The "What"
Metrics are cheap to store and fast to query. In 2022, Prometheus is the undisputed king here. However, a common mistake I see in client configurations is scraping too aggressively without understanding the retention impact.
Here is a battle-tested prometheus.yml snippet optimized for a mid-sized KVM instance:
global:
scrape_interval: 15s
evaluation_interval: 15s
scrape_configs:
- job_name: 'coolvds_node'
static_configs:
- targets: ['localhost:9100']
# Drop high cardinality metrics that bloat storage
metric_relabel_configs:
- source_labels: [__name__]
regex: 'go_.*'
action: drop2. Structured Logging: The context
Grepping through /var/log/nginx/access.log is acceptable for a hobby project. It is negligence for a production platform. You must emit logs in JSON format so they can be parsed by Logstash, Fluentd, or Vector without burning CPU cycles on regex.
Modify your Nginx configuration to output structured data:
http {
log_format json_analytics escape=json
'{'
'"msec": "$msec", ' # Request time in seconds with milliseconds resolution
'"connection": "$connection", '
'"connection_requests": "$connection_requests", '
'"pid": "$pid", '
'"request_id": "$request_id", ' # Critical for tracing!
'"request_length": "$request_length", '
'"remote_addr": "$remote_addr", '
'"remote_user": "$remote_user", '
'"remote_port": "$remote_port", '
'"time_local": "$time_local", '
'"time_iso8601": "$time_iso8601", '
'"request": "$request", '
'"request_uri": "$request_uri", '
'"args": "$args", '
'"status": "$status", '
'"body_bytes_sent": "$body_bytes_sent", '
'"bytes_sent": "$bytes_sent", '
'"http_referer": "$http_referer", '
'"http_user_agent": "$http_user_agent", '
'"http_x_forwarded_for": "$http_x_forwarded_for", '
'"http_host": "$http_host", '
'"server_name": "$server_name", '
'"request_time": "$request_time", '
'"upstream": "$upstream_addr", '
'"upstream_connect_time": "$upstream_connect_time", '
'"upstream_header_time": "$upstream_header_time", '
'"upstream_response_time": "$upstream_response_time", '
'"upstream_response_length": "$upstream_response_length", '
'"upstream_cache_status": "$upstream_cache_status", '
'"ssl_protocol": "$ssl_protocol", '
'"ssl_cipher": "$ssl_cipher", '
'"scheme": "$scheme", '
'"request_method": "$request_method"'
'}';
access_log /var/log/nginx/access_json.log json_analytics;
}3. Distributed Tracing: The Thread
This is where monitoring ends and observability begins. When a request hits your Load Balancer, touches the Auth Service, queries the Database, and returns 500, which component failed? Without tracing (using Jaeger or Zipkin), you are blind.
By passing the X-Request-ID header (as seen in the Nginx config above) through every microservice, you can reconstruct the path of a specific packet.
The Infrastructure Cost of Observability
Here is the hard truth: Observability is I/O heavy. Writing structured logs, storing millions of time-series data points, and indexing traces requires substantial disk throughput.
If you run an ELK (Elasticsearch, Logstash, Kibana) stack on standard SATA SSDs or, heaven forbid, HDDs, your logging infrastructure will crash exactly when you need it most—during a traffic spike. The write queues will fill up, and Elasticsearch will enter a read-only state.
Pro Tip: For production logging stacks, we strictly recommend NVMe storage. In our internal benchmarks at CoolVDS, NVMe drives handle the high-concurrency writes of Elasticsearch 6x better than standard SSDs. Don't let your debugger be the bottleneck.
Data Sovereignty and GDPR in Norway
In the post-Schrems II era (since 2020), where you store your observability data is a legal question, not just a technical one. Logs often contain PII (IP addresses, user agents, email identifiers).
If you are shipping your logs to a US-based SaaS observability platform, you are likely violating GDPR unless you have strict Standard Contractual Clauses (SCCs) and supplementary measures in place. The Norwegian Data Protection Authority (Datatilsynet) has been increasingly vigilant about this.
The Solution: Host your observability stack (Prometheus/Grafana/Loki) locally. By keeping the data on a VPS in Norway, you reduce latency for ingestion and simplify compliance. Data never leaves the EEA.
Implementation Strategy
Do not try to boil the ocean. Start small.
- Day 1: structured logging (JSON) on your load balancers.
- Day 2: Set up a Prometheus instance on a separate CoolVDS node (isolate monitoring from production).
- Day 3: Implement basic tracing for your slowest endpoints.
Stop guessing why your server is slow. Turn the lights on. If you need a sandbox to test a Grafana/Prometheus setup without breaking the bank, spin up a high-performance instance today.