Observability vs Monitoring: Why Your "Green" Dashboard is Lying to You
It was 03:14 AM. My phone buzzed on the nightstand. The PagerDuty alert was screaming critical failure on the payment gateway. I opened my laptop, eyes stinging from the blue light, and checked the Grafana dashboard. Everything was green. CPU usage? 40%. RAM? Plenty of headroom. Disk I/O? Nominal. According to our monitoring tools, the system was healthy. Yet, Twitter was on fire with angry customers who couldn't complete their orders.
That is the fundamental failure of monitoring. It answers the question: "Is the system healthy based on pre-defined thresholds?"
But when distributed systems break in 2023, they rarely break because a CPU hit 100%. They break because of a race condition in a microservice, a locked database row, or a third-party API timeout. To fix that, you don't need monitoring. You need observability.
The Distinction: Known Unknowns vs. Unknown Unknowns
Let's strip away the marketing buzzwords. The difference is architectural, not semantic.
- Monitoring tracks known unknowns. You know disk space might run out, so you set an alert for 90% usage. You know the web server might crash, so you check for a PID.
- Observability allows you to ask questions about unknown unknowns. It is a property of a system that allows you to understand its internal state purely by inspecting its outputs (logs, metrics, and traces).
Pro Tip: If you have to SSH into a server to rungreporstraceto figure out why an error is happening, your system is not observable. You are debugging blindly.
The Three Pillars in Practice
To achieve observability, we need to correlate three specific data types. In the DevOps landscape of 2023, the standard open-source stack for this is the "LGTM" stack (Loki, Grafana, Tempo, Mimir) or the classic ELK stack, though the latter is becoming heavy for many use cases.
1. Metrics (The "What")
Metrics are aggregatable numbers. They are cheap to store and fast to query. We use Prometheus here. It scrapes endpoints and stores time-series data.
# prometheus.yml snippet
scrape_configs:
- job_name: 'coolvds-node-exporter'
static_configs:
- targets: ['10.0.0.5:9100']
scrape_interval: 15s
2. Logs (The "Context")
Logs provide the narrative. However, simply dumping text files to /var/log/nginx/access.log is useless at scale. You need structured logging (JSON) and a centralized aggregator. We prefer Loki because it doesn't index the full text of the log, only the metadata labels, making it incredibly storage-efficient compared to Elasticsearch.
Configure your Nginx to output JSON so Loki can parse it automatically:
# nginx.conf
log_format json_analytics escape=json '{
"msec": "$msec",
"connection": "$connection",
"connection_requests": "$connection_requests",
"pid": "$pid",
"request_id": "$request_id",
"request_length": "$request_length",
"remote_addr": "$remote_addr",
"remote_user": "$remote_user",
"remote_port": "$remote_port",
"time_local": "$time_local",
"time_iso8601": "$time_iso8601",
"request": "$request",
"request_uri": "$request_uri",
"args": "$args",
"status": "$status",
"body_bytes_sent": "$body_bytes_sent",
"bytes_sent": "$bytes_sent",
"http_referer": "$http_referer",
"http_user_agent": "$http_user_agent",
"http_x_forwarded_for": "$http_x_forwarded_for",
"http_host": "$http_host",
"server_name": "$server_name",
"request_time": "$request_time",
"upstream": "$upstream_addr",
"upstream_connect_time": "$upstream_connect_time",
"upstream_header_time": "$upstream_header_time",
"upstream_response_time": "$upstream_response_time",
"upstream_response_length": "$upstream_response_length",
"upstream_cache_status": "$upstream_cache_status",
"ssl_protocol": "$ssl_protocol",
"ssl_cipher": "$ssl_cipher",
"scheme": "$scheme",
"request_method": "$request_method",
"server_protocol": "$server_protocol",
"pipe": "$pipe",
"gzip_ratio": "$gzip_ratio",
"http_cf_ray": "$http_cf_ray"
}';
3. Traces (The "Where")
This is the missing link for most organizations. Tracing follows a request as it propagates through your microservices. If your PHP frontend calls a Go backend, which queries a PostgreSQL database, a trace ties them all together. OpenTelemetry (OTel) has emerged as the industry standard for generating these traces.
Implementation Strategy: The OpenTelemetry Collector
Instead of sending data directly from your app to the backend, you should run an OpenTelemetry Collector agent on your VPS. This offloads the batching and encryption overhead from your application.
Here is a production-ready configuration for an OTel collector running on a CoolVDS instance, forwarding data to a local Grafana Tempo backend:
# otel-collector-config.yaml
receivers:
otlp:
protocols:
grpc:
http:
processors:
batch:
timeout: 1s
send_batch_size: 1024
exporters:
otlp:
endpoint: "tempo:4317"
tls:
insecure: true
service:
pipelines:
traces:
receivers: [otlp]
processors: [batch]
exporters: [otlp]
The Infrastructure Reality Check
Observability comes with a cost: Write Amplification. Enabling detailed tracing and structured logging can generate gigabytes of data per hour for high-traffic applications. If you attempt to host a full observability stack (Elasticsearch or Loki + Tempo) on a budget VPS with spinning rust (HDD) or shared SATA SSDs, your monitoring infrastructure will collapse under its own weight.
I have seen this happen. The application is fine, but the logging server is stuck in I/O wait because it can't write to disk fast enough.
Why NVMe is Non-Negotiable
For observability data, random write performance is paramount. CoolVDS instances use pure NVMe storage. When you are ingesting thousands of spans per second, the queue depth increases rapidly. NVMe drives handle high queue depths significantly better than SATA SSDs.
| Feature | Standard VPS (SATA SSD) | CoolVDS (NVMe) |
|---|---|---|
| Random Write IOPS | ~5,000 - 10,000 | ~50,000+ |
| Latency | 2-5ms | <0.5ms |
| Bottleneck Risk | High during log spikes | Virtually zero |
The Norwegian Context: Data Sovereignty & Latency
If you are operating in Norway, shipping your metrics and logs to a US-based SaaS observability platform (like Datadog or New Relic) introduces legal complexity regarding Schrems II and GDPR. Logs often contain PII (IP addresses, user IDs, email fragments).
Hosting your observability stack (Grafana/Loki/Tempo) on CoolVDS inside Norway solves two problems:
- Compliance: Data never leaves Norwegian jurisdiction, satisfying Datatilsynet requirements.
- Network Latency: Sending trace data requires bandwidth. If your servers are in Oslo, sending telemetry to a collector in Virginia (US-East) adds latency and exit costs. Keeping traffic local to NIX (Norwegian Internet Exchange) ensures your debugging data arrives in near real-time.
Setting Up the Stack
To get started, you don't need a Kubernetes cluster. A robust Docker Compose setup on a single high-performance VPS is sufficient for many mid-sized deployments. Here is a simplified definition to get the LGTM stack running:
version: "3.4"
services:
loki:
image: grafana/loki:2.7.0
command: -config.file=/etc/loki/local-config.yaml
ports:
- "3100:3100"
tempo:
image: grafana/tempo:2.0.0
command: [ "-config.file=/etc/tempo/tempo-local.yaml" ]
ports:
- "14268:14268" # jaeger ingest
- "4317:4317" # otlp grpc
- "3200:3200" # tempo
grafana:
image: grafana/grafana:9.3.0
environment:
- GF_AUTH_ANONYMOUS_ENABLED=true
- GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
ports:
- "3000:3000"
Note: Ensure you lock down these ports using ufw or the CoolVDS firewall if you deploy this to a public interface.
Final Thoughts
Stop waiting for customers to report outages. Green dashboards mean nothing if the user experience is broken. By implementing OpenTelemetry and aggregating your logs and traces, you gain the ability to see the system as it truly behaves.
But remember: Observability is data-heavy. It demands IOPS and low latency. Don't cripple your insights by running them on sluggish infrastructure.
Ready to see what your code is actually doing? Deploy a CoolVDS NVMe instance in Oslo today and build an observability stack that keeps up with your traffic.