Skip to content
← all writing

Monitoring vs Observability: How I Finally Understood the Difference

A user once reported that the app was slow. I did what I always do: opened Grafana, checked the dashboards. CPU was fine. Memory was fine. No alerts had fired. By every metric I had set up, the system looked perfectly healthy.

But the app was slow. And I had no idea where to start looking.

I spent close to an hour checking services one by one, mostly guessing. I found the problem eventually, but it took way longer than it should have. That incident stuck with me, and it pushed me to actually sit down and understand the difference between monitoring and observability. Not the textbook definition, but what it means in practice when something breaks and you are the one who has to fix it.

This is my attempt to explain that difference the way I wish someone had explained it to me earlier.

What I Thought Monitoring Was (and Why That Was Incomplete)

When I first set up Prometheus and Grafana, I genuinely thought I had observability covered. I was tracking CPU, memory, error rate, request count. I had alerts configured. If something went wrong, I would know about it.

What I did not fully appreciate is that monitoring is only as useful as the questions you thought to ask when you built the dashboards. You are measuring the things you predict might go wrong. If something breaks in a way you did not anticipate, those dashboards will not help you much, because you never built visibility around that scenario.

The way I now think about it: monitoring answers the question “is the thing I was already watching for happening right now?”

That is genuinely useful. But it has a real blind spot, and I ran straight into it.

What Observability Actually Means

Observability is a bigger idea, and I will be honest that I am still finding edges of it as I go deeper into platform engineering.

The core of it, from what I understand so far, is that an observable system is one where you can figure out what is wrong just by looking at the data it produces, even for failures you have never seen before. You do not need to deploy new code or add new instrumentation mid-incident. The data is already there.

The framing that helped it click for me: with monitoring, you are looking for problems you predicted. With observability, you can investigate problems you never saw coming.

That is a meaningful difference when you are staring at a green dashboard and a user is still telling you something is broken.

The Three Types of Data That Make It Work

Observability is usually built around three pillars. The terminology gets referenced constantly in platform engineering conversations. What took me a while to really internalize was not what each pillar was called, but what each one actually solved for during a real incident. Here is how I think about them now.

Metrics

This is what Prometheus gives you, and it is where most teams start. Numbers, measured over time. Request rate, error rate, CPU usage, memory consumption. Metrics are good at showing you trends and triggering alerts. They tell you that something is off with the system overall.

The limitation I ran into is that metrics are aggregates. They can tell you that your error rate climbed, but they cannot tell you which specific request failed or what path it took through your system before failing.

Logs

Logs are the timestamped record of events your application emits while it runs. A database query executing. An authentication attempt failing. A background job completing. They give you a lot more detail than metrics can.

The tricky part is that logs from a single service only tell part of the story. When a user request touches several services before something fails, you end up with separate logs across all of them and no obvious thread to pull that connects them back to that one request.

Traces

This is the one I was missing, and the one that made the most things click for me.

A trace follows a single request through your entire system, recording how long each step took. When your app is slow and your dashboards look fine, a trace might show you something like this:

User Request (total: 2.1s)
  API Gateway         →  4ms
  Auth Service        →  1.8s  ← here is the problem
  Application Server  →  3ms
  Database            →  6ms

That 1.8 seconds on the auth service is immediately obvious. Without tracing, I would have spent another hour not finding that. With it, I find it in a few minutes.

When you combine traces with logs, you can also drill into that slow auth service request and read what actually happened during those 1.8 seconds. The trace shows you where the problem is. The logs help explain why.

That combination is what makes it possible to debug problems you have never seen before, which is really the whole point.

How This Connects to Platform Engineering

I am currently in the middle of transitioning from DevOps into platform engineering, and this distinction has taken on a slightly different meaning as that shift happens.

In a DevOps role, I was mostly focused on my own systems. In platform engineering, the idea is that you are building the foundation other teams build on top of. That changes the stakes a bit. If a developer on another team has an incident at 2am, they should be able to figure out what is wrong without calling you. That is the goal, at least.

A platform that only provides metrics and logs gives those teams monitoring. They can catch the problems they predicted. A platform that also provides distributed tracing gives them real observability. They can investigate problems they did not see coming, on their own, without needing to escalate.

My team currently has metrics and logs in place. Tracing is the next piece we are working on adding, and the teams building on our platform will have a fundamentally different debugging experience once it is in place.

What I Am Taking Away

The monitoring versus observability distinction is one of the clearer things I have worked through in this space, and it has genuinely changed how I think about what good instrumentation looks like.

Monitoring is readiness for what you expected. Observability is readiness for what you did not. If your dashboards only reflect the failures you thought to predict, the incidents that fall outside that list are going to be painful.

If you are already running Prometheus and Grafana and want to move toward full observability, Grafana Loki for log aggregation and Grafana Tempo for tracing are the next natural steps. They integrate directly into Grafana so everything stays in one place. That is the direction my team is heading, and it has been a useful path so far.