Backend Monitoring and Logging Patterns
Why reliability, observability, and fast debugging matter more than ever in modern backend systems
Over the last decade, backend systems have shifted from monolithic servers to distributed microservices, event-driven architectures, and serverless functions. With that shift, the surface area for failure has expanded. A single user request may touch an API gateway, an authentication service, a database, a cache, a message queue, and a third-party integration. When something slows down or breaks, asking “what happened?” becomes a multi-dimensional problem. Good monitoring and logging patterns turn that question into something answerable.
If you have ever stared at a blank error page at 2 a.m. or tried to reconstruct a request path from three different log files, you know why this topic matters. This article explains practical patterns that real engineering teams use to observe backend systems, where those patterns fit today, and how to adopt them without drowning in noise or vendor lock-in.
Context: Where monitoring and logging sit in the modern backend stack
Monitoring and logging are not the same. Monitoring focuses on metrics and traces, capturing quantitative signals over time. Logging focuses on events and context, capturing qualitative details about specific operations. In today’s backends, both are necessary because metrics tell you “how much and how fast,” traces tell you “where,” and logs tell you “why.”
Most teams use a combination of tools:
- Metrics: Prometheus, Grafana, Datadog, CloudWatch
- Logs: OpenTelemetry Collector, Fluent Bit, ELK stack (Elasticsearch, Logstash, Kibana), Loki
- Traces: OpenTelemetry, Jaeger, Zipkin
- Alerts: PagerDuty, Opsgenie, or native alert managers
OpenTelemetry has become a de facto standard for instrumenting code across languages. It provides a vendor-neutral way to collect traces, metrics, and logs, and export them to multiple backends. While vendor platforms like Datadog offer turnkey solutions, many teams prefer OpenTelemetry and self-hosted components to avoid lock-in and to keep costs predictable.
Who typically uses these patterns?
- Backend engineers building services in Node.js, Python, Go, or Java
- SREs and platform teams managing infrastructure and SLOs
- Product engineers who need visibility into their APIs and background jobs
Compared to alternatives, a structured logging and metrics-first approach scales better than ad hoc console.log or print statements. Ad hoc logs become unreadable at volume, while traces and metrics let you answer questions like “Is the 95th percentile latency for checkout increasing?” without grepping terabytes of text.
Core patterns: Metrics, logs, traces, and alerts that work in production
Structured logging
Structured logging means emitting logs as machine-readable objects rather than plain text. JSON is common because it’s queryable and integrates well with log aggregators. Structure also enables correlation through request IDs.
Example: A Node.js Express service using Pino for structured logging.
// services/payments/src/index.js
const express = require("express");
const pino = require("pino");
const uuid = require("uuid");
const logger = pino({
level: process.env.LOG_LEVEL || "info",
// Pretty in dev, JSON in prod
transport: process.env.NODE_ENV === "development" ? { target: "pino-pretty" } : undefined,
});
const app = express();
app.use(express.json());
// Correlation ID middleware
app.use((req, res, next) => {
req.id = uuid.v4();
res.setHeader("X-Request-ID", req.id);
req.log = logger.child({ req_id: req.id });
next();
});
// A payment endpoint that logs context
app.post("/v1/charge", async (req, res) => {
const { amount, currency, token } = req.body;
const log = req.log;
if (!amount || !currency || !token) {
log.warn({ amount, currency }, "missing_params");
return res.status(400).json({ error: "missing_params" });
}
try {
// Simulate calling a payment gateway
const result = await fakeGatewayCharge({ amount, currency, token, requestId: req.id });
log.info({ amount, currency, gateway: "fake" }, "charge_ok");
return res.json({ status: "ok", id: result.id });
} catch (err) {
// Always log the error with context, never leak secrets
log.error({ err: err.message, amount, currency }, "charge_failed");
return res.status(500).json({ error: "internal_error" });
}
});
// Minimal fake gateway to demonstrate context propagation
async function fakeGatewayCharge({ amount, currency, token, requestId }) {
// Imagine we pass requestId to the gateway client for tracing
if (token === "blocked") {
const err = new Error("gateway_declined");
err.code = 403;
throw err;
}
return { id: `chg_${requestId}` };
}
const PORT = process.env.PORT || 8080;
app.listen(PORT, () => {
logger.info({ port: PORT }, "service_started");
});
Notes:
- The correlation ID (req_id) ties logs for a single request together.
- We avoid logging secrets (tokens, passwords). We log only non-sensitive context.
- We choose log levels intentionally: info for expected events, warn for recoverable issues, error for failures.
Request tracing and context propagation
Tracing links operations across service boundaries. A trace represents the full path of a request. Spans represent individual operations. OpenTelemetry makes this portable.
Example: Node.js service instrumented with OpenTelemetry and Jaeger.
// services/payments/src/tracing.js
const { NodeSDK } = require("@opentelemetry/sdk-node");
const { getNodeAutoInstrumentations } = require("@opentelemetry/auto-instrumentations-node");
const { Resource } = require("@opentelemetry/resources");
const { SemanticResourceAttributes } = require("@opentelemetry/semantic-conventions");
const { JaegerExporter } = require("@opentelemetry/exporter-jaeger");
const sdk = new NodeSDK({
resource: new Resource({
[SemanticResourceAttributes.SERVICE_NAME]: "payments-service",
[SemanticResourceAttributes.SERVICE_VERSION]: "1.0.0",
}),
instrumentations: [getNodeAutoInstrumentations()],
traceExporter: new JaegerExporter({ endpoint: "http://jaeger:14268/api/traces" }),
});
sdk.start();
// services/payments/src/index.js (traced)
require("./tracing"); // Initialize early
const express = require("express");
const { trace } = require("@opentelemetry/api");
const app = express();
app.use(express.json());
// Minimal instrumentation example using OpenTelemetry API
const tracer = trace.getTracer("payments-service");
app.post("/v1/charge", async (req, res) => {
return tracer.startActiveSpan("charge", async (span) => {
try {
const { amount, currency, token } = req.body;
span.setAttributes({ amount, currency });
if (!amount || !currency || !token) {
span.setStatus({ code: 2, message: "missing_params" });
return res.status(400).json({ error: "missing_params" });
}
// Simulate nested span for gateway call
const gatewaySpan = tracer.startSpan("gateway_fake_call", { parent: span });
await new Promise((r) => setTimeout(r, 50)); // simulate latency
gatewaySpan.setAttribute("gateway", "fake");
gatewaySpan.end();
span.setStatus({ code: 1 }); // OK
return res.json({ status: "ok" });
} finally {
span.end();
}
});
});
app.listen(8080, () => {
console.log("payments service listening on 8080");
});
This setup sends traces to Jaeger. In production, you might export to a vendor backend or to an OpenTelemetry Collector that batches and forwards data.
Metrics and SLOs
Metrics are the backbone of alerting. Use counters for events, gauges for current state, histograms for latency distribution, and summaries for quantiles. Define SLOs (service level objectives) like “99% of requests complete within 400 ms.”
Example: Prometheus metrics in a Python Flask service.
# services/catalog/app.py
from flask import Flask, jsonify, request
from prometheus_client import Counter, Histogram, generate_latest, CONTENT_TYPE_LATEST
import random
import time
app = Flask(__name__)
# Count requests by endpoint and status
REQUEST_COUNT = Counter(
"catalog_requests_total",
"Total requests",
["method", "endpoint", "status"]
)
# Measure latency
REQUEST_LATENCY = Histogram(
"catalog_request_duration_seconds",
"Latency in seconds",
["method", "endpoint"]
)
# Custom business metric
PRODUCT_VIEWS = Counter("catalog_product_views_total", "Total product views", ["product_id"])
@app.route("/products/<product_id>")
def get_product(product_id):
start = time.time()
status = "200"
try:
# Simulate work
time.sleep(random.uniform(0.02, 0.12))
PRODUCT_VIEWS.labels(product_id=product_id).inc()
return jsonify({"id": product_id, "name": "Example Product"})
except Exception as e:
status = "500"
return jsonify({"error": "internal"}), 500
finally:
REQUEST_COUNT.labels(method="GET", endpoint="/products/<id>", status=status).inc()
REQUEST_LATENCY.labels(method="GET", endpoint="/products/<id>").observe(time.time() - start)
@app.route("/metrics")
def metrics():
return generate_latest(), 200, {"Content-Type": CONTENT_TYPE_LATEST}
if __name__ == "__main__":
app.run(host="0.0.0.0", port=5000)
You can scrape this with Prometheus, then visualize in Grafana. Alert rules might look for elevated 4xx/5xx rates or rising p99 latency.
Alert design
Effective alerts follow three rules:
- They are actionable. An engineer should know what to do.
- They have clear severity. Page for user-facing SLO breaches; warn for anomaly detection.
- They avoid flapping. Use windows and burn-rate alerts rather than raw thresholds.
Example: A Prometheus alert rule for elevated error rate.
# prometheus/alerts.yml
groups:
- name: catalog-alerts
rules:
- alert: CatalogHighErrorRate
expr: |
rate(catalog_requests_total{status="500"}[5m]) /
rate(catalog_requests_total[5m]) > 0.02
for: 5m
labels:
severity: page
annotations:
summary: "Catalog error rate above 2% for 5 minutes"
runbook: "https://internal.example.com/runbooks/catalog-high-error-rate"
Log aggregation and correlation
In distributed systems, logs live in many places. Aggregation makes them searchable and correlated. A common pattern is:
- Local logs to stdout (container-friendly)
- Fluent Bit collects and forwards logs
- Loki stores them (index-friendly by labels)
- Grafana queries them
Example: Fluent Bit config to scrape stdout and add labels.
# fluent-bit.conf
[INPUT]
Name tail
Path /var/log/containers/*payments*.log
Parser docker
Tag kube.payments.*
[FILTER]
Name kubernetes
Match kube.*
Kube_URL https://kubernetes.default.svc.cluster.local:443
Kube_Tag_Prefix kube.var.log.containers.
Merge_Log On
[OUTPUT]
Name loki
Match *
Host loki
Port 3100
Labels job=payments,namespace=$KUBERNETES_NAMESPACE
This adds Kubernetes labels to logs, enabling queries like “show error logs for payments-service in production.”
Error context and safe logging
Context helps debugging; secrets hurt security. A practical approach:
- Include request ID, user ID (non-PII), resource ID, and operation name.
- Never log tokens, passwords, or full card numbers.
- Use redaction libraries where possible (e.g., in Node.js or Python).
- Tag sensitive fields and filter at ingestion if needed.
Example: Redacting sensitive fields in Node.js logs.
// services/payments/src/redact.js
const redact = (obj) => {
const safe = { ...obj };
const keys = Object.keys(safe);
for (const k of keys) {
if (/token|password|secret|card/i.test(k)) {
safe[k] = "[REDACTED]";
}
}
return safe;
};
module.exports = redact;
// Usage in the endpoint
const redactedBody = redact(req.body);
log.info({ body: redactedBody }, "processing_request");
Sampling and cost control
High-volume systems can produce massive trace and log volumes. Sampling helps control cost while preserving useful signals.
- Head-based sampling: Decide at the start whether to sample a trace. Simple, but may miss rare errors.
- Tail-based sampling: Decide after observing the whole trace, which captures more errors and high-latency cases. More complex, requires buffering.
OpenTelemetry Collector supports tail-based sampling. Many teams start with head-based sampling at 10% and adjust based on error and latency patterns.
Real-world setup: A minimal project structure
Below is a simple layout for a microservice with observability built in.
services/
payments/
├── src/
│ ├── index.js # Express server
│ ├── tracing.js # OpenTelemetry setup
│ ├── redact.js # Safe logging helper
│ └── routes/
│ └── charge.js # Business logic
├── Dockerfile
├── package.json
└── README.md
infra/
prometheus/
├── prometheus.yml
└── alerts.yml
loki/
└── local-config.yaml
grafana/
└── dashboards/
└── payments.json
For a production deployment, consider:
- Kubernetes for orchestration
- OpenTelemetry Collector as a sidecar for batching and exporting traces/metrics
- Persistent volumes for Prometheus or external storage for long-term retention
- Structured logging via JSON to stdout (12-factor app style)
Evaluation: Strengths, weaknesses, and tradeoffs
Strengths:
- Structure and correlation. Request IDs and traces make debugging predictable.
- Portability. OpenTelemetry lets you switch backends without changing instrumentation.
- Actionable alerts. SLO-based alerts focus on user impact, not vanity metrics.
- Developer experience. Consistent patterns reduce cognitive load.
Weaknesses:
- Overhead. Tracing and logging add CPU/memory. Sampling and careful instrumentation mitigate this.
- Cost. Storing high-cardinality metrics and unbounded logs can be expensive. Cardinality control and retention policies are essential.
- Complexity. Running Jaeger, Prometheus, and Loki adds operational burden. Managed services reduce this but increase vendor dependence.
- Noise. Too many alerts or verbose logs lead to alert fatigue. Fine-tune thresholds and log levels.
When it’s a good fit:
- Services with multiple dependencies and unclear failure modes.
- Teams that need to meet SLOs or debug production issues quickly.
- Systems where cost is manageable and observability is a priority.
When it might be overkill:
- Small prototypes or local tools with no production users.
- Environments with strict data restrictions and no path to redaction.
- Teams without capacity to maintain the observability stack.
Personal experience: Lessons from real projects
In one project, we had a checkout API that intermittently slowed down. Metrics showed high p99 latency, but the cause was unclear. The team had logs but no request IDs, so correlating slow calls was guesswork.
We added structured logging with request IDs using Pino in Node.js. Immediately, we could trace a single user’s path through authentication, payments, and inventory. The next step was OpenTelemetry traces. The traces revealed a hidden N+1 query pattern inside a microservice that only surfaced under certain conditions. Fixing that query reduced p99 latency by 40%.
Another lesson came from alerting. We initially alerted on CPU usage and memory. Those alerts fired often but rarely correlated with user impact. Moving to SLO-based alerts (latency and error rate burn rate) reduced noise. Alerts became rare but meaningful. We kept the CPU and memory alerts for capacity planning, not incident response.
I also learned that log volumes can explode silently. One service accidentally emitted a debug log for every request, producing 50 GB/day. A simple change to log level and a review of log statements reduced volume by 80%. Since then, we added log-level conventions and code reviews for log changes.
Finally, I saw the value of dashboards that tell a story. A good dashboard shows throughput, success rate, and latency by endpoint. It also shows downstream dependencies. When an alert fires, you don’t start from zero; you already have the context.
Getting started: Workflow and mental models
Start with a mental model:
- What are your critical paths? (e.g., login, checkout, webhook)
- What SLOs represent user happiness? (e.g., 99% of requests under 300 ms)
- What signals are noisy vs. meaningful?
Then build iteratively:
- Add structured logs with request IDs to endpoints.
- Instrument critical paths with metrics (counters, histograms).
- Add traces for cross-service calls.
- Set up Prometheus and Grafana locally for feedback.
- Define alerts for error rate and latency burn rate.
- Review and refine log levels and sampling to control cost.
Workflow tips:
- Keep dashboards simple and focused on SLOs. Add detailed dashboards for deep dives.
- Use feature flags to change log levels without redeploying.
- Treat runbooks as code. Link them in alert annotations.
- Practice incident response with mock failures to validate signals.
Free learning resources
- OpenTelemetry docs: https://opentelemetry.io/docs/
- Prometheus docs: https://prometheus.io/docs/introduction/overview/
- Grafana documentation: https://grafana.com/docs/grafana/latest/
- Jaeger docs: https://www.jaegertracing.io/docs/
- Fluent Bit docs: https://docs.fluentbit.io/manual/
- Loki docs: https://grafana.com/docs/loki/latest/
These resources are practical and up to date. OpenTelemetry’s docs are especially useful for instrumentation examples across languages. Prometheus and Grafana cover the metrics side comprehensively. Jaeger and Loki fill the trace and log gaps respectively. Fluent Bit’s documentation helps with log collection and forwarding.
Summary: Who should use these patterns and who might skip them
You should adopt structured logging, metrics, traces, and SLO-based alerting if:
- You run backend services with real users.
- You need to debug production issues efficiently.
- You want to reduce downtime and improve reliability.
You might skip or defer if:
- You are building short-lived prototypes without production traffic.
- Your constraints make redaction or data storage impractical.
- Your team size and system complexity don’t yet justify the overhead.
Takeaway: Monitoring and logging are not just operational polish; they are core engineering practices that make distributed systems manageable. Start small with request IDs and metrics, grow into traces and SLOs, and refine continually. With thoughtful patterns, you can turn “what happened?” into a quick answer and a better product.
