How metrics summarize behavior over time, where they support trend analysis and alerting, and what they lose compared with logs and traces.
Metrics are structured measurements recorded over time. They answer questions such as how often something is happening, how long it usually takes, whether error rate is rising, whether capacity is saturating, and whether a service is drifting away from its reliability target. That makes them the most compact and trend-friendly of the core telemetry families.
Their power comes from aggregation. A metric compresses many local events into a time-series view that operators can threshold, chart, compare, and reason about across hours, days, or weeks. This makes metrics ideal for dashboards, SLO calculations, fleet views, anomaly detection, and symptom-based alerting.
The trade-off is that metrics are intentionally less detailed than logs and less causal than traces. A latency histogram can show that tail latency is degrading. It cannot by itself explain which request path, dependency behavior, retry pattern, or tenant segment created that degradation unless the metric design includes the right dimensions and those dimensions are still aggregated carefully enough to stay affordable.
flowchart LR
A["Many individual requests"] --> B["Aggregate into counters,\ngauges, histograms"]
B --> C["Time series storage"]
C --> D["Dashboards"]
C --> E["Alerts"]
C --> F["SLO calculations"]
Metrics are strongest when the question is broad and time-oriented:
These are questions about patterns, not about individual records. That is why metrics should be designed for summarization and comparison.
Metrics help because they compress a large amount of behavior into something legible. They become risky when teams forget what that compression removes. An average latency metric can hide tail pain. A total error count can hide route-level concentration. A system-wide metric can hide one region or one dependency dragging down user experience.
That is why dimensions matter, but only up to the point where they remain operationally sane.
1# Prometheus-style sample
2http_requests_total{service="checkout-api",route="/orders",status="200"} 812340
3http_requests_total{service="checkout-api",route="/orders",status="500"} 1241
4http_request_duration_seconds_bucket{service="checkout-api",route="/orders",le="0.1"} 601220
5http_request_duration_seconds_bucket{service="checkout-api",route="/orders",le="0.5"} 797410
6http_request_duration_seconds_bucket{service="checkout-api",route="/orders",le="1"} 809880
7http_request_duration_seconds_sum{service="checkout-api",route="/orders"} 289114.34
8http_request_duration_seconds_count{service="checkout-api",route="/orders"} 812340
What to notice:
Metrics are also the bridge between raw telemetry and operational policy. SLIs, SLOs, burn-rate alerts, saturation thresholds, and capacity planning all depend on well-designed metrics. Logs and traces help explain a problem once it is found. Metrics often help determine whether the problem is real enough, large enough, or persistent enough to act on now.
This is why metrics frequently become the first signal family responders consult during an incident. They establish shape and scope quickly, even when they do not yet establish cause.
A metric dashboard can look mature while still being operationally weak. Common problems include:
Metrics are most useful when each one supports a specific operational decision rather than merely decorating a dashboard.
If a dashboard shows stable overall latency while a small but important customer path is degrading badly, what metric-design mistake is most likely?
The stronger answer is that the aggregation scope is too broad. The metric compresses away the route-, region-, or dependency-level distinction that operators actually need.