Data-Driven Observability & Logs

Our industry is moving at lightning speed towards distributed service-driven architectures, and engineers are on a quest to improve how they observe these systems as a whole. Adoption of microservices and containerized architectures has elevated the need for developers and operations teams to utilize observability solutions to correlate events, identify threats, and troubleshoot problems effectively. From a business value point of view, managers want observability solutions that allow them to “keep calm” when their software infrastructure and services are hit with incidents or failures.

Many organizations adopt a combination of log management, metrics, and tracing solutions for observability across their infrastructure. We have found, though, that just “having” these tools does not ensure that engineering teams reap value from them. A cultural shift is required.

Excerpt from O’Reilly’s Distributed Systems and Observability Book by Cindy Sridharan
“As my friend Brian Knox, who manages the Observability team at DigitalOcean, said,
The goal of an Observability team is not to collect logs, metrics, or traces. It is to build a culture of engineering based on facts and feedback, and then spread that culture within the broader organization.
The same can be said about observability itself, in that it’s not about logs, metrics, or traces, but about being data driven during debugging and using the feedback to iterate on and improve the product.”

As Brian Knox and Cindy Sridharan mention in the excerpt above, it’s about having an engineering culture that values facts and feedback, “being data driven” during debugging, and using this mindset to iterate, improve, and solve problems.

At Humio, we meet many teams that have yet to access the full value they could derive from their log data. This is not because they do not have or want a “data driven” observability engineering culture, but rather that their current log solution “restricts” them from being able to.

Commonly, teams encounter three restrictions with their log solutions:

  1. Volume: Modern infrastructures generate large amounts of unstructured log data — a lot of time is spent on limiting or deciding what data to send to the system.
  2. Speed: Queries are slow, and the latency between the index phase and the search phase is too long. Ultimately, the data isn’t available “fast” enough.
  3. Simplicity: Logging solutions that are not easy to use, query, deploy, or manage see limited usage and give little pleasure to those who do use them.

Data-Driven Log Management

Our approach at Humio is to remove the restrictions listed above so data-driven observability teams can gain more value from their log data. We want and encourage engineers to send ALL relevant log data and for that data to be accessible. Limiting data based on what a logging solution can handle is restrictive, and often it is the logs that were “left out” that create frustrating debugging scenarios.

Humio is built to scale linearly and efficiently store data so users are not wasting their compute resources. These days, speed matters and by using real-time streaming capabilities for querying and dashboards, Humio superpowers live system visibility for engineers. Our CTO, Kresten Krab Thorup, has written a blog post about how Humio scales and handles data.

For data-driven logging to succeed, engineering teams should want to use it for the value it provides. Humio’s query language and ease of use speed adoption past just the “ops” team to the developer organizations, making it a useful, shared solution for everyone. One example is how Lunar Way’s developer-driven ops uses Humio across their development and operations team.

Observability Site License

Humio’s approach to logging is valuable for both small and large volume users. The use case I’d like to discuss here is relevant for teams with large logging volumes (multi TB/day). Humio software is available On-Premises at a fixed annual site license price. This enables companies to benefit from access to their large log volumes without volume-based licensing costs or the extra manpower required to run complicated cluster logging environments. With this model, organizations can add instances and scale up as their data volumes grow or burst. For observability or infrastructure teams who want to deploy multi-tenant logging infrastructures across development teams within an organization, Humio can provide simple pricing for a deployment model to address this scenario.

We at Humio believe in the value of data-driven logging and the benefits companies can derive from this in their observability stack. With our simple pricing and unique product, Humio is on a mission to bring this value to engineering teams who’ve been struggling until now.

If you have any feedback to share about data-driven observability and logging, feel free to contact me at geeta@humio.com.
