Bird
Raised Fist0
Microservicessystem_design~10 mins

Three pillars (metrics, logs, traces) in Microservices - Scalability & System Analysis

Choose your learning style10 modes available
LearnWhyDeepArchPracticeChallengeDesignRecallScale

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Scalability Analysis - Three pillars (metrics, logs, traces)
Growth Table: Scaling Observability in Microservices
Users/TrafficMetricsLogsTraces
100 usersBasic CPU, memory, request counts collected on few servicesLogs stored locally, simple text files, manual inspectionTraces sampled at low rate, few services instrumented
10K usersCentralized metrics collection with Prometheus or similar; alerting addedLogs shipped to central system (e.g., ELK stack); indexing startsDistributed tracing enabled on key services; sampling rate increased
1M usersHigh cardinality metrics; long-term storage; aggregation and downsamplingLogs volume grows; need log retention policies and archiving; indexing optimizedTraces collected for most requests; storage and query performance optimized
100M usersMetrics sharded and federated; multi-tenant isolation; advanced anomaly detectionLogs stored in scalable object storage; cold and hot storage tiers; AI-based log analysisTraces sampled intelligently; trace data linked with metrics and logs for root cause
First Bottleneck

At small scale, logs stored locally become hard to manage and search as volume grows.

At medium scale, centralized logging systems face storage and indexing bottlenecks due to high log volume.

At large scale, trace data storage and query performance degrade because traces are large and complex.

Overall, the first bottleneck is usually the logging infrastructure because logs grow fastest and require heavy indexing.

Scaling Solutions
  • Metrics: Use aggregation, downsampling, and sharding; employ time-series databases optimized for high cardinality.
  • Logs: Implement centralized log management with scalable storage (e.g., Elasticsearch clusters, cloud object storage); apply log retention and archiving policies; use indexing and compression.
  • Traces: Use sampling strategies to reduce volume; store traces in specialized databases; correlate traces with metrics and logs for efficient debugging.
  • General: Use horizontal scaling for collectors and storage; apply caching and tiered storage; automate alerting and anomaly detection.
Back-of-Envelope Cost Analysis

Assuming 1M users generating 10 requests/sec each:

  • Total requests: 10 million/sec
  • Metrics: 1-10 million data points/sec; requires high-throughput TSDB (e.g., Prometheus, Cortex)
  • Logs: Each request generates ~1KB logs -> ~10GB/sec raw logs; needs compression and tiered storage
  • Traces: Sampling 1% -> 100K traces/sec; each trace ~10KB -> ~1GB/sec storage
  • Network: High bandwidth needed for shipping logs and traces; consider local aggregation
Interview Tip

Structure your scalability discussion by:

  1. Explaining the role of each pillar (metrics, logs, traces) in observability.
  2. Describing how data volume grows with users and requests.
  3. Identifying bottlenecks in storage, indexing, and query performance.
  4. Suggesting concrete scaling solutions like sampling, sharding, and tiered storage.
  5. Discussing trade-offs between data fidelity and cost.
Self Check

Your database handles 1000 QPS for logs. Traffic grows 10x to 10,000 QPS. What do you do first?

Answer: Implement log sampling or filtering to reduce volume, then scale the logging database horizontally with sharding or add replicas to handle increased write load.

Key Result
Logging infrastructure is the first bottleneck as log volume grows fastest; scaling requires sampling, sharding, and tiered storage across metrics, logs, and traces.

Practice

(1/5)
1. Which of the following best describes the role of metrics in microservices monitoring?
easy
A. They track the path of a request through multiple services.
B. They record detailed events and errors in the system.
C. They provide numerical data about system performance over time.
D. They store configuration settings for microservices.

Solution

  1. Step 1: Understand what metrics represent

    Metrics are numerical measurements like CPU usage, request counts, or latency that show system health over time.

  2. Step 2: Differentiate metrics from logs and traces

    Logs record events, traces follow request paths, but metrics summarize performance data.

  3. Final Answer:

    They provide numerical data about system performance over time. -> Option C

  4. Quick Check:

    Metrics = numerical performance data [OK]
Hint: Metrics = numbers about performance, not events or paths [OK]
Common Mistakes:
  • Confusing metrics with logs as event records
  • Thinking traces are numerical data
  • Assuming metrics store configurations
2. Which syntax correctly represents a log entry in a microservice system?
easy
A. [2024-06-01 12:00:00] ERROR Failed to connect
B. {"timestamp": "2024-06-01T12:00:00Z", "level": "ERROR", "message": "Failed to connect"}
C. Failed to connect
D. ERROR 2024-06-01T12:00:00Z Failed to connect

Solution

  1. Step 1: Identify standard log formats

    JSON format is widely used for structured logs in microservices for easy parsing and querying.

  2. Step 2: Compare options for correctness

    {"timestamp": "2024-06-01T12:00:00Z", "level": "ERROR", "message": "Failed to connect"} is a valid JSON log entry with timestamp, level, and message fields. Others are less structured or not JSON.

  3. Final Answer:

    {"timestamp": "2024-06-01T12:00:00Z", "level": "ERROR", "message": "Failed to connect"} -> Option B

  4. Quick Check:

    Structured JSON logs = {"timestamp": "2024-06-01T12:00:00Z", "level": "ERROR", "message": "Failed to connect"} [OK]
Hint: Logs are best as structured JSON for easy use [OK]
Common Mistakes:
  • Using unstructured plain text logs
  • Confusing XML-like logs with JSON
  • Ignoring timestamp or level fields
3. Given this trace data snippet for a request through three microservices, what is the total time spent processing the request?
{
  "traceId": "abc123",
  "spans": [
    {"service": "A", "duration_ms": 50},
    {"service": "B", "duration_ms": 30},
    {"service": "C", "duration_ms": 20}
  ]
}
medium
A. 100 ms
B. 50 ms
C. 30 ms
D. 20 ms

Solution

  1. Step 1: Understand trace spans and durations

    Each span shows time spent in a service. Total time is sum if services are sequential.

  2. Step 2: Sum durations of all spans

    50 ms + 30 ms + 20 ms = 100 ms total processing time.

  3. Final Answer:

    100 ms -> Option A

  4. Quick Check:

    Sum spans durations = 100 ms [OK]
Hint: Add all span durations for total trace time [OK]
Common Mistakes:
  • Taking only the longest span as total time
  • Ignoring some spans in calculation
  • Confusing traceId with duration
4. A developer notices that logs are missing trace IDs in a microservices system. What is the most likely cause?
medium
A. Services are using different programming languages.
B. Metrics collection is disabled.
C. Logs are stored in a different database.
D. Trace context is not propagated between services.

Solution

  1. Step 1: Understand trace ID propagation

    Trace IDs must be passed along service calls to link logs and traces.

  2. Step 2: Identify cause of missing trace IDs

    If trace context is not propagated, logs won't have trace IDs, breaking trace-log correlation.

  3. Final Answer:

    Trace context is not propagated between services. -> Option D

  4. Quick Check:

    Missing trace IDs = missing context propagation [OK]
Hint: Trace IDs must flow between services to appear in logs [OK]
Common Mistakes:
  • Confusing metrics with trace IDs
  • Assuming storage location causes missing IDs
  • Blaming programming language differences
5. You are designing a microservices system and want to implement the three pillars: metrics, logs, and traces. Which approach best ensures scalability and effective monitoring?
hard
A. Use a centralized monitoring system that collects metrics via Prometheus, logs via ELK stack, and traces via OpenTelemetry.
B. Store all logs and traces locally on each service to reduce network overhead.
C. Only collect metrics and ignore logs and traces to save storage space.
D. Send all raw logs and traces directly to the client application for analysis.

Solution

  1. Step 1: Identify best practices for scalable monitoring

    Centralized systems like Prometheus for metrics, ELK for logs, and OpenTelemetry for traces are industry standards for scalability and analysis.

  2. Step 2: Evaluate options for scalability and effectiveness

    Local storage limits analysis and scalability; ignoring logs/traces loses insights; sending raw data to clients is inefficient and insecure.

  3. Final Answer:

    Use a centralized monitoring system that collects metrics via Prometheus, logs via ELK stack, and traces via OpenTelemetry. -> Option A

  4. Quick Check:

    Centralized, specialized tools = scalable monitoring [OK]
Hint: Centralize collection with proven tools for all three pillars [OK]
Common Mistakes:
  • Storing logs/traces locally only
  • Ignoring logs or traces
  • Sending raw data directly to clients