Observability vs Monitoring: Why Your Green Dashboard is Lying to You
Itâs 3:00 AM on a Tuesday. PagerDuty just woke you up. You stumble to your workstation, open Grafana, and see... nothing. All panels are green. CPU is at 40%, memory is stable, and disk usage is negligible. Yet, Twitter is exploding because your users in Trondheim can't process payments.
This is the classic failure of Monitoring. You monitored the infrastructure, but you ignored the state of the system. You checked the known unknowns (is the disk full?), but you missed the unknown unknowns (why is the database locking rows only when a specific microservice retries a connection?).
As a Systems Architect who has debugged everything from bare metal failures to Kubernetes race conditions, Iâm tired of the debate. Here is the technical reality of why you need to move beyond simple health checks, and how to build an observability stack that actually worksâhosted right here in Norway to keep the Datatilsynet off your back.
The Fundamental Difference: "Is it up?" vs "What is it doing?"
Monitoring is panoramic. It gives you the aggregate view of the world. It answers questions you predicted you'd need to ask.
- Monitoring: "Alert me if HTTP 500 rate > 1%."
- Observability: "Show me every request from User ID 8821 that touched the payment gateway, crossed the Redis cache, and failed with a timeout, including the stack trace."
In 2022, with the complexity of microservices and distributed systems, simple uptime checks are vanity metrics.
The Stack: Building the "Three Pillars" on CoolVDS
To achieve observability, we rely on three data types: Metrics, Logs, and Traces. Let's look at how to implement this using the modern open-source standard: The LGTM stack (Loki, Grafana, Tempo, Mimir) or the classic ELK.
1. Metrics (Prometheus)
Metrics are cheap. They are just numbers. We use them to trigger alerts. If you are running a Node.js application, don't just rely on external pings. Expose internal metrics.
Here is a snippet of a standard prometheus.yml scrape config. Note the scrape_interval. If you set this too high (e.g., 1m), you smooth out the spikes that are actually killing your app.
global:
scrape_interval: 15s
evaluation_interval: 15s
scrape_configs:
- job_name: 'coolvds-node-exporter'
static_configs:
- targets: ['10.0.0.5:9100']
- job_name: 'app-payment-service'
metrics_path: '/metrics'
scheme: 'http'
static_configs:
- targets: ['10.0.0.6:3000']2. Logs (Loki vs. Elasticsearch)
Logs are expensive. They eat disk space for breakfast. In the past, we dumped everything into Elasticsearch (ELK stack). It works, but the Java heap requirements are massive. For a more efficient approach, I prefer Grafana Loki.
Loki doesn't index the text of the logs, only the metadata (labels). This makes it incredibly fast and storage-efficient, perfect for NVMe storage where IOPS matter more than raw capacity.
Here is a promtail configuration (the agent that ships logs to Loki) optimized to strip sensitive data before it leaves the serverâcrucial for GDPR compliance.
server:
http_listen_port: 9080
grpc_listen_port: 0
positions:
filename: /tmp/positions.yaml
clients:
- url: http://loki.monitoring.svc:3100/loki/api/v1/push
scrape_configs:
- job_name: system
static_configs:
- targets:
- localhost
labels:
job: varlogs
__path__: /var/log/*.log
pipeline_stages:
- regex:
expression: "^.*(?P\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}).*$"
- labels:
ip: Pro Tip: Never log raw credit card numbers or unmasked personal IDs. Even if you host in Norway, processing that data in clear text in your logs is a security violation waiting to happen. Use pipeline stages to mask patterns immediately.
3. Tracing (OpenTelemetry)
This is where the magic happens. Tracing allows you to visualize the lifespan of a request as it propagates through your infrastructure. In late 2022, OpenTelemetry (OTel) has effectively won the war against proprietary agents.
If you have a Python Flask app, auto-instrumentation is now stable enough for production. You don't need to rewrite your code, you just run it inside the OTel wrapper:
pip install opentelemetry-distro opentelemetry-exporter-otlp
opentelemetry-bootstrap -a install
export OTEL_TRACES_EXPORTER=otlp
export OTEL_EXPORTER_OTLP_ENDPOINT=http://tempo.monitoring.svc:4317
export OTEL_SERVICE_NAME=payment-service
opentelemetry-instrument python app.pyWhen you view this in Grafana Tempo, you don't just see "500 Error". You see that the SQL SELECT query took 4,500ms because the connection pool was exhausted, causing the frontend to time out.
The Infrastructure Bottleneck: Why Hardware Matters
You can have the best observability stack in the world, but if your underlying hosting is noisy, your data is garbage.
I recently audited a setup where the client complained about "random" latency spikes in their Prometheus metrics. It turned out they were using a budget VPS provider that oversold CPU cycles. Their "monitoring" showed their code was fine, but the hypervisor was stealing cycles (Steal Time > 15%).
This is why we use CoolVDS.
| Feature | Budget VPS | CoolVDS (KVM) |
|---|---|---|
| Virtualization | Container-based (OpenVZ/LXC) | Kernel-based (KVM) |
| Storage I/O | Shared SATA/SSD (Low IOPS) | Dedicated NVMe (High IOPS) |
| Noisy Neighbors | High Risk | Strict Isolation |
When you are ingesting thousands of log lines per second into Loki or Elasticsearch, disk I/O is your bottleneck. CoolVDS utilizes pure NVMe storage arrays. Weâve seen Elasticsearch cluster rebalancing times drop by 60% just by moving from standard SSD VPS to CoolVDS NVMe instances.
The Norwegian Context: GDPR and Schrems II
Here is the elephant in the room for 2022. The Schrems II ruling has made using US-based SaaS observability platforms a legal minefield. If your logs contain IP addresses (which are PII) and you ship them to a US cloud provider, you are likely non-compliant.
The pragmatic solution? Self-host your observability stack.
By running Prometheus, Grafana, and Loki on a CoolVDS instance in Oslo, your data never leaves Norwegian legal jurisdiction. You get:
- Lower Latency: Your servers are in Oslo; your monitoring should be too. Sending metrics to Virginia and back adds unnecessary delay to alerting.
- Data Sovereignty: You have full root access to the disk where the logs live. No third-party snooping.
- Cost Control: Ingesting 500GB of logs/month on a SaaS platform costs a fortune. On CoolVDS, it just costs the price of the disk space.
Conclusion: Stop Guessing, Start Observing
If you are still relying on a simple "HTTP 200 OK" check to sleep at night, you are one bad deployment away from a nightmare. Observability is not just for Netflix or Uber; it's for any business that cannot afford downtime.
Building an LGTM stack on a robust VPS gives you the insights of a massive tech giant with the privacy and compliance of a local Norwegian entity.
Ready to own your data? Deploy a high-performance NVMe instance on CoolVDS today and get your Grafana dashboard greenâfor the right reasons.