Articles

Observability Platform: Core Architecture Secrets

April 16, 2026 6 min read

The most surprising truth about designing an observability platform for distributed systems is that its primary goal isn’t just to see what’s happening, but to understand it with a speed and depth that would be impossible otherwise.

Imagine a microservices architecture where a single user request might traverse dozens of services. Here’s a simplified trace of what that might look like in our observability platform:

{
  "trace_id": "a1b2c3d4e5f67890",
  "span_id": "001",
  "parent_span_id": null,
  "service_name": "frontend-api",
  "operation_name": "GET /users/{id}",
  "start_time": "2023-10-27T10:00:00Z",
  "end_time": "2023-10-27T10:00:00.050Z",
  "tags": {
    "http.method": "GET",
    "http.url": "/users/123",
    "http.status_code": 200,
    "user.id": "123"
  },
  "logs": [
    {
      "timestamp": "2023-10-27T10:00:00.010Z",
      "fields": {
        "message": "Received request",
        "log.level": "info"
      }
    }
  ],
  "children": [
    {
      "span_id": "002",
      "service_name": "user-service",
      "operation_name": "db.query",
      "start_time": "2023-10-27T10:00:00.020Z",
      "end_time": "2023-10-27T10:00:00.040Z",
      "tags": {
        "db.system": "postgresql",
        "db.statement": "SELECT * FROM users WHERE id = $1",
        "db.row_count": 1
      },
      "logs": [
        {
          "timestamp": "2023-10-27T10:00:00.025Z",
          "fields": {
            "message": "Executing SQL query",
            "log.level": "debug"
          }
        }
      ],
      "children": []
    }
  ]
}

This JSON represents a single trace, a complete journey of a request through your system. Each object within the children array is a "span," a unit of work within a service. The trace_id links all spans for a single request, while span_id and parent_span_id define the causal relationships. We can see here the frontend-api called the user-service which then performed a database query.

The core problem an observability platform solves is the inherent opacity of distributed systems. When services are spread across machines, networks, and even cloud providers, understanding the flow of data, identifying bottlenecks, and debugging failures becomes a monumental task. Observability provides the tools to pierce this veil by collecting three key types of telemetry:

  • Traces: As shown above, these capture the end-to-end journey of a request, showing latency and dependencies between services.
  • Metrics: Numerical measurements aggregated over time (e.g., request rate, error rate, CPU utilization). These give you a high-level view of system health and performance trends.
  • Logs: Timestamped records of events within individual services. These provide granular detail for debugging specific issues.

The magic happens when these signals are correlated. A spike in the http.status_code (from traces) for /users/{id} might be directly linked to a surge in db.errors (from metrics) originating from the user-service’s PostgreSQL instance, and further investigated by examining error level logs from that service around the same time.

To build such a platform, you’ll need components for collection, processing, storage, and visualization.

  1. Collection: Agents (like OpenTelemetry Collector or Prometheus exporters) deployed alongside your services or as sidecars. They gather traces, metrics, and logs.
  2. Processing/Ingestion: A pipeline that receives raw telemetry, enriches it (e.g., adding environment tags), samples traces (to manage volume), and routes it to the appropriate storage. Kafka is a common choice here for decoupling.
  3. Storage: Specialized databases optimized for time-series data (Prometheus, VictoriaMetrics for metrics) and trace data (Jaeger, Tempo, ClickHouse). Elasticsearch is also used for logs.
  4. Visualization/Querying: A frontend (Grafana is standard) that allows users to query and visualize the data. This includes dashboards for metrics, trace exploration UIs, and log search interfaces.

The key levers you control are:

  • Sampling Strategy: How much trace data do you keep? Too little, and you miss rare errors. Too much, and storage costs skyrocket. Common strategies include probabilistic sampling (e.g., keep 1% of all traces) or head-based sampling (decide at the start of a trace).
  • Cardinality Management: High-cardinality tags (e.g., user IDs, request IDs) in metrics can explode storage and query performance. Careful design of metric labels is crucial.
  • Retention Policies: How long do you keep raw data? Metrics might be kept for years, traces for weeks, and logs for days, depending on cost and compliance.
  • Alerting Rules: Defining thresholds and conditions on metrics and logs that trigger notifications when system health degrades.

When you configure your tracing instrumentation, you’ll often encounter a service.name attribute. This isn’t just a label; it’s the primary identifier for grouping all operations performed by a particular application component. If you have multiple instances of your user-service running, they should all report the service.name as user-service so that their telemetry can be aggregated and analyzed as a cohesive unit in your observability backend. Failing to standardize this service.name across all instances will result in fragmented, unmanageable trace data that appears to come from distinct, unknown services.

The next major hurdle you’ll face is implementing effective alerting based on the correlated signals you’ve collected.

Want structured learning?

Take the full Distributed Systems course →