Why Real-Time Monitoring Is Less Important Than It Seems

PinIt

Rather than fixating on real-time monitoring for its own sake, businesses should focus on understanding and fixing problems in the most efficient manner.

How important is real-time monitoring? If you asked most monitoring tool vendors today, they’d tell you it’s essential. To manage IT systems today, they like to say, it’s critical to collect and analyze data in real time, as soon it’s produced.

Intuitively, that makes sense. The ability to monitor systems and detect problems in real time is important for fixing them as soon as possible.

In practice, however, monitoring rarely happens in true real time. And fixating on trying to achieve real-time monitoring may undercut your ability to take a healthy, effective approach toward monitoring and performance management.

See also: AIOps as a Real-Time IT Solution: Benefits and Limitations

What is real-time monitoring?

Real-time monitoring means the ability to collect, analyze and report on events that affect IT systems as soon as they happen. If a server stops responding or an application begins taking longer than usual to handle requests, real-time monitoring enables you to detect the issue immediately.

Real-time monitoring is the opposite of looking back at log files after they have been produced, or analyzing a span of application metrics from a period that has already passed, in order to understand the behavior of your systems.

At first blush, real-time monitoring may seem like a critical and obvious type of functionality for managing modern IT environments. After all, don’t you need to detect problems in real time in order to fix them as quickly as possible?

How important is real-time monitoring?

In reality, while it’s true that detecting issues quickly is one important step toward optimizing performance and availability in IT, real-time monitoring may deliver fewer benefits in practice than it appears to offer in theory. There are several reasons why:

  • Monitoring data is not the full picture: The data you can collect from monitoring tools often represents only part of the data you need to gain full visibility and context into an issue. You may need to correlate monitoring data with log files or historical metrics to understand what is really going on.
  • Patterns take time to become relevant: Real-time monitoring tells you what is happening at any given time in your systems. But knowing what’s happening at a specific moment is typically not as important as knowing what the overall trend is. A single application error may not be the sign of a critical problem. A series of application errors that continue over an extended period is. Thus, real-time monitoring isn’t enough to help you detect the patterns and anomalies that really matter for performance optimization.
  • You can’t react in real time: No human engineer can react to a monitoring system alert in real time. There will always be a gap — sometimes of minutes, sometimes of days or hours — between when alerts come in and when someone takes action. In this sense, real-time monitoring delivers little real-time value.

A healthy perspective on real-time monitoring

None of the above should be read as a license to take your sweet time when dealing with monitoring. You should always strive to collect and analyze data quickly — ideally, within minutes of when it appears.

But you should not obsess over true real-time monitoring. If you do, you risk distracting yourself from what really matters.

Don’t spend your time trying to shave every possible millisecond off of the time it takes for alerts to get from your monitoring tools to your engineers. Don’t write monitoring rules that fire alerts immediately before your analytics engines have enough data to assess the issue fully.

Strategies like these might help you monitor things faster, but they won’t help you fix things faster.

Conclusion

As you plan your monitoring and application performance management strategy, don’t get hung up on the idea of real-time monitoring and real-time alerting. As I’ve noted, vendors like to play up their tools’ ability to collect data and send alerts in real time. But collecting data and sending alerts are only the first steps in performance management.

Focus on the bigger picture — understanding and fixing problems in the most efficient manner — rather than fixating on real-time monitoring for its own sake.

Chris Tozzi

About Chris Tozzi

Chris Tozzi is a freelance technical writer and editor, specializing in topics such as DevOps, security, open source, and cloud computing. His most recent book, “For Fun and Profit: A History of the Free and Open Source Software Revolution,” was published by MIT Press in 2017. He is also Senior Lecturer in IT and Society at Rensselaer Polytechnic Institute in Troy, New York.

Leave a Reply