Calculating Costs for
Observability
What Next-generation APM Means for
Your Business
Mar, 2019
Observability is the only way to proactively manage
production systems. Complex systems are the top
challenge facing DevOps teams. Your customers
depend upon you to deliver high reliability without
slowing development productivity. You must invest in
shortening outage durations and eliminating wasted
developer time.
Practitioners of DevOps and business leaders alike are beginning to understand
that in order to scale and operate a service that drives growth and competitive
edge, you must invest in the right tools and approach. Production system
performance and uptime is just one aspect which directly impacts the customer
experience and when you continuously deliver and integrate new features,
systems become more complex and unless tightly managed, business risk goes
up. Observability is a critical requirement that enables teams to level up and
manage ever-increasing complexity.
Distributed systems architectures are inherently complex, and the addition of
continuous integration and continuous delivery (CI/CD) raises the stakes.
Visibility and control are central to success and as delivery systems become
automated, everything becomes more opaque and therefore harder to proactively
manage. Add to this the abstraction layers of containers or a serverless
infrastructure and the team feels farther removed from being in control. As a
result, the number of potential causes for any given issue increases while your
ability to point at any single issue as the cause is becoming much harder.
1
Debugging in production is a requirement for modern teams, especially for teams
who ship frequently. DevOps teams need the best tools to debug issues when
they come up, not just hope they can catch everything in staging. Our customers
tell us that before Honeycomb, they frequently experienced incidents where
problem sources were never identified. Teams can no longer rely on simple
metrics alone to provide the level of insight they need to diagnose and resolve,
especially at scale.
Observable production systems enable you to move beyond locating gnarly bugs
or fixing a problematic incident or outage. Designing your systems to include
observability from the point at which a feature is released allows teams to
immediately learn how it behaves in production and adjust before a critical
outage occurs.
Performance Analysis
When a new feature is shipped, can you clearly see the impact it has on your
systems? As load climbs and you have to choose to add capacity or optimize
code, do you know where to focus in order to make the most impact and keep
your most important customers happy?
Intercom used Honeycomb to evaluate performance across all the
dimensions required to understand how different users and types of
usage affected the performance of a given endpoint. They were able to
both identify the portions of the code needing refactoring as well as
document concrete examples of how they'd improve performance.
How Intercom sped up their busiest endpoint(by as much as
50%)
2
Incident Response
When a user misuses your service, maliciously or otherwise, are you able to
locate the vulnerability in your codebase and then address the problem before
others notice? Do your tools have the power to isolate the source of an attack, or
how many users it may be impacting?
When hackers tried to DOS their service, carwow needed the ability to
query at a level of granularity that their traditional APM tools couldn't
manage, so they turned to Honeycomb
Preventing Bad Actors from Spoiling the Show at carwow
Visibility into 3rd-party Services
If your product relies on external API calls and responses, can you identify the
source of a service slowdown? Do you have the ability to sift through the
information coming from your database, your cache, your load balancers, and
your own code quickly and reliably to know if you should be looking to 3rd party
providers to resolve?
Behaviour Interactive (BHVR) had been using a classic APM approach for
some time to troubleshoot latency issues in their flagship multiplayer
video game, but were unable to identify the source of a service
slowdown—was it in the caching, the database, or somewhere in one of
the numerous external calls? With Honeycomb, they found the issues in
just minutes
Gamers Won't Wait: Dead By Daylight Gets Some Sweet
Attention
3
Addressing Technical Debt
As your organization scales and your product's footprint grows, are you able to
maintain clear sight-lines across your infrastructure as complexity increases?
Can you evaluate systems performance using distributed tracing views and
better understand the interactions among an increasing number of services?
While growing as fast as possible to meet their business demands,
carwow leveraged Honeycomb to follow a request through its entire
life-cycle and understand the impact on different subsystems in the
code, leveraging its cross-team collaboration features to solve issues:
Honeycomb Tracing Drives Efficiencies as carwow Scales
User Happiness and Product Management
Do you understand how the end user experiences your product? Do you notice
when they use features in unexpected ways and can you capture that data for
your product team to investigate?
Using Honeycomb, Intercom discovered one of their users was trying so
hard to use their product in ways they hadn't anticipated that it was
impacting the overall experience of many others—and as a result
informed future product planning for that feature:
Intercom <3 Honeycomb
4
Key capabilities to move the needle on your
observability practice
If you experience any of the following, then you must adopt an observability
approach. This will involve cultural and process-centric changes but for this
document, we will focus on technology tooling that DevOps teams require in
order to fully understand production, debug faster and spend less time fighting
technical debt.
●
Increased frequency of code ships or feature releases
●
Increase in volume of users / customers
●
More questions for engineers from on-call teams
●
Customer complaint issues on the rise
●
Pressure to get new features into production faster.
Technology tooling requirements for an observability practice requires the
following capabilities. Without these, it is extremely difficult to answer the
questions that matter to your production system.
Here are some key capabilities and why they matter:
● Automatic instrumentation of events and traces across
popular languages
Most developers don't enjoy instrumenting their code, yet everyone on the team
needs that telemetry to give context and meaning to ultimately achieve
observability.
Does your solution provide drop-in, immediate, automatic instrumentation
to instrumentation to jump-start your observability practice?
5
● Query performance suitable for rapid iteration and debugging
in production
When your team is in a firefight, the last thing you want to wait for is query
results, whether from ETL delay or slow search performance or worse, no access
to the data set.
Does your solution provide the ability to slice and dice your data across a
number of dimensions in a frictionless way, as well as the ability to
backtrack and try new theories, and still get to the problem source fast?
● Support for flexible queries over many dimensions
More and more, the questions that need to be asked to move the business
forward require the ability to drill down across many aspects of your system data,
but most tools aggregate data, removing the detail required.
Does your solution support fast query response across many fields
containing an arbitrary number of unique values so you can ask the
important questions?
● Intuitive query interface
Seems like every new tool involves learning a new query language, and the
slowdown of the associated learning curve.
Does your solution offer a graphical query interface designed to speed
users to insights and intelligent, data-driven suggestions for investigation
paths when troubleshooting any issue, large or small?
6
● Next-generation anomaly-detection
When something in the data looks unusual, it can take a lot of false starts to get
at what might be the cause, to determine how big an impact it may have. When
production is impacted, speed matters.
Does your solution allow investigators to simply select outliers and
accelerate their validation process by seeing the most likely suspects right
away? Does your solution have a high signal to noise ratio that aids
debuggers rather than slowing them down with red herrings?
● Distributed tracing visualizations in context
Context switching is a known productivity killer.
Does your solution force you to switch tools and re-orient yourself if you
want to try a different visualization? Will that other tool have the same
data-set? Does it give you everything you need to keep investigating and
easily switch to a tracing waterfall diagram with the same data?
● Smart sampling to retain key data points
Relying on metrics means having little or no control over what gets averaged out
of your data.
Can you precisely manage the level and application of sampling so you can
control costs without missing the events that are important to track for your
business?
7
● Fine-tunable data retention policies
Multiple data sources means multiple legal or business requirements for
retention.
Does your solution allow you to rebalance storage allocation and determine
how long you want to keep data in order to meet business needs as you
scale over time?
● Support for open standards such as OpenCensus
Ease of getting data into your tools is critical, and some organizations want to
adhere to open source standards where available.
Does your solution support and provide capabilities for getting data in via
OpenCensus libraries that collect key metrics and distributed traces from
your system services?
● The ability to fully leverage your best talent, past and present
Collaboration is more than just an idea or process approach.
Does your solution encourage each team member to discover past queries
from their teammates and learn by following in their footsteps at every step
in the query construction?
8
Does this seem like a tall order? In many ways, observability is equal parts
process, culture and tooling. Building your own stack or leveraging a myriad of
different tools has drawbacks and costs to the business overall.
If you're thinking of building your own
observability stack
With a homegrown solution, you might start small and expand from there.
Someone on your team provisions a couple of AWS EC2 instances for Logstash,
the cluster nodes, and Kibana, and you might get some useful data flowing into
ELK for your team to troubleshoot problems.
But if you’re doing it *right*, more people will want to use the system and so you
will need to either limit what data you ingest, or scale it up, and that will
dramatically increase your costs year over year.
Consider this breakdown from an IT manager who investigated how much time
would be spent on each of these tasks in order to deploy and run an ELK stack
for a year:
These relatively conservative estimates come out to 344 hours, essentially a
full-time person's workload.
9
Doing the same calculation for deploying Honeycomb, a purpose built technology
to enable system observability reduces the time down to just 40 hours—a single
work-week per year, which is a significantly reduced level of time and money
investment:
And of course, this doesn't take into account the cost of the hardware you would
need to run a home-grown solution—whether on-premise or in the cloud.
What about traces?
Beyond being costly to run, Elastic stack doesn’t allow you to see the full
distributed context of the requests that generated log messages. You could of
course ask your team to use a second tool to access tracing event data, but in
doing so they would then have to re-orient their analysis and investigation, drilling
into a different UI with a different approach and mindset—which can not only
derail an investigation slowing it down but more importantly with less accuracy
and reliability.
This is undesirable when time-to-understanding (and ultimately, resolution) is
critical. Honeycomb provides distributed tracing built in, and with Honeycomb
Beelines, your code is instrumented automatically, including traces.
“The Beelines include insightful and valuable traces by default, they're
built by people who know what is useful. The magic that is there makes
sense.”
- Alex Newman, Co-founder, hCaptcha
Why not offload all that operational overhead to Honeycomb? We are your first
port of call for debugging, and can help you find the right data, in context.
10
If you're thinking of using a vendor to
achieve observability
Metrics tools do well at counting discrete gauges and counters such as number
of jobs queued, host level resource usage, number of requests served by the
system, and so on. Searching is often fast because these systems aggregate, or
average the data by a fixed set of buckets (e.g. host, region, or version). But for
resolving and preventing problematic production issues, your team needs the rich
details and context that Honeycomb provides—and although metrics vendors
claim to offer context, they charge a hefty fee to deliver it.
With standard metrics tools, engineers and ops teams typically work with
counters that track numbers as they change over time. Some common things to
measure are the number of HTTP requests a given app is serving, average
latency, and rate of errors. Each one of these counters or gauges will generate
one unique time series on disk.
That’s good for a basic start at detecting when problems are potentially
occurring, but you need much more context to find out what is going wrong, and
that context is not present in the data if there is only one global counter.
As a result, what happens next is that engineers try to add the context they need
using tags or labels, which generate new time series to track the counter's value
11
summed across each unique set of tags or labels, and those time series add up
fast.
And the multiplicative effect gets greater and greater as you add more tags and
labels. If you want to know which user was associated with a given request,
rather than just what host or container it came from, the cost of storing all that
additional data goes up exponentially. Likewise, to track percentiles in addition to
just averages, you need to create multiples of the metric(s) in question. The
number of time series quickly becomes very expensive to store for tools that
aren’t designed to handle it, much less read it back quickly enough to help you
figure out where issues lie.
Metrics vendors typically limit the number of tags you can define, or simply
charge you the exponentially increasing cost for each combination of tag values
you send. All features that are built in to Honeycomb's solution such as unlimited
queryable fields/columns, tracing, anomaly detection are typically an extra cost
for most metrics providers. These vendors have to charge more to provide
12
observability beyond their basic capabilities because they are compensating for
the cost and performance of their older architecture.
To avoid this problem you must seek an observability tool that is designed to
handle high levels of granularity – data with a lot of distinct possible values—
natively. Honeycomb’s storage model solves this completely by shifting to an
event-based model, where raw values are stored and can be dynamically queried,
instead of aggregating everything up front.
Honeycomb has no limit on dimensions – We encourage the exact behavior that
metrics systems forbid. Add fields to your events like user or team ID. Tag them
with specifics about client versions! Add timers and fields that measure the
behavior of 3rd parties. Honeycomb will happily handle it all, and let you easily
query cross-sections of data in one place.
What about traces?
Widespread use of tracing is new enough that it is an afterthought for most
vendors. Some have acquired early-stage third-party solutions and included them
in their offerings, but the integrations are sub-optimal.
As a result, what's out there does not allow you to truly leverage the context that
exists in your data. Query experience is typically limited to just a few parameters,
which means you're constrained by what the vendor thinks is interesting or
useful.
Honeycomb tracing gives you the most flexibility to dig into what matters to
your business and define "interesting" based on not just trace length, or a few
tags. In Honeycomb, tracing, events, and metrics are all just views into the same
data, so you can apply the method or visualization that is the most effective at
any time to get to the answer faster.
Tracing is not siloed away, requiring engineers to first check the metrics tool,
then the logging tool to get a specific enough ID to look for the right trace.
13
Instead, Honeycomb lets you attach the same set of contexts you apply to your
business across all your debugging efforts.
Build the observability practice your
business needs with Honeycomb
To get the broad set of capabilities and performance you need to achieve an
observable state, you can choose to maintain the high cost of building your own
stack, or take the path of high cost-for-performance last-gen APM/metrics
tools…or you can choose to get an immediate and strong ROI by investing in
Honeycomb that is purposely designed and built for production system
observability.
14
About Honeycomb
Honeycomb provides next-gen APM for modern dev teams to better understand and
debug production systems. With Honeycomb teams achieve system observability
and find unknown problems in a fraction of the time it takes other approaches and
tools. More time is spent innovating and life on-call doesn't suck. Developers love it,
operators rely on it and the business can’t live without it.
Follow Honeycomb on Twitter LinkedIn
Visit us at Honeycomb.io