Engineering Systems That Humans Can Debug
It is 2 AM. A page fires. Revenue is dropping. The on-call engineer opens the dashboard. Latency is spiking on the checkout service. They open the logs. Thousands of lines of unstructured text scroll past. They search for the request ID from the alert. No results - the checkout service uses a different request ID format than the alerting system.
They SSH into the machine. They tail the logs. They find an error: "connection refused." Which connection? To what? The log does not say. They check the dependency graph. The checkout service calls six downstream services. They start checking each one.
Forty-five minutes later, they find the root cause: a database connection pool was exhausted on the inventory service. The fix takes two minutes. The diagnosis took forty-three.
This is the normal state of most production systems. They are not designed to be debugged. They are designed to run.
Why Most Systems Are Impossible to Debug
Systems become impossible to debug through an accumulation of small decisions, none of which seem wrong individually.
Logs without structure. Engineers write log.info(f"Processing order {order_id}") and call it logging. This produces a human-readable string with no machine-parseable fields. When you need to query "all log lines for order 48291 across all services," you are doing string matching against free-form text.
Missing correlation IDs. A request enters the system through an API gateway. It fans out to five services. Each service logs with its own request ID. There is no shared identifier connecting the API gateway request to the downstream service calls. Reconstructing the full request path requires timestamps, guesswork, and luck.
Metrics without context. The dashboard shows p99 latency spiked to 3 seconds. But it does not show which endpoint, which customer segment, or which downstream dependency caused the spike. The metric is aggregated to the point of uselessness for diagnosis.
OPAQUE SYSTEM DEBUGGABLE SYSTEM
────────────── ─────────────────
Log: "Error processing Log: {"level": "error",
request" "service": "checkout",
"correlation_id": "req-7f3a",
Which request? "order_id": "ord-48291",
Which service? "error": "connection_refused",
What error? "dependency": "inventory-svc",
"attempt": 2,
"duration_ms": 3042}
───────────── ─────────────────
Metric: checkout_latency_p99 Metric: checkout_latency_p99
= 3.2s = 3.2s
Labels: endpoint=/api/checkout
What caused it? dependency=inventory-svc
No idea. error_type=timeout
customer_tier=enterprise
Root cause: inventory service
timeout affecting enterprise
checkout endpoints.
───────────── ─────────────────
Trace: (none) Trace: req-7f3a
→ checkout-svc 120ms
→ fraud-svc 45ms ✓
→ inventory-svc 3042ms ✗ timeout
→ payment-svc (not reached)
Time to diagnose: 45 min Time to diagnose: 3 minObservability Matters More Than Performance
Teams invest enormous effort optimizing p99 latency from 200ms to 150ms. They invest almost nothing in making the system debuggable when that latency spikes to 3 seconds.
The optimization saves 50ms per request during normal operation. The debuggability saves 40 minutes per incident. If the system has one incident per week, debuggability saves more engineering time than the latency optimization.
A system that runs fast but is impossible to debug will eventually cost more engineering time than a slightly slower system that is easy to diagnose. Invest in observability before you invest in performance.
This is not an argument against performance. It is a priority argument. Observability infrastructure - structured logging, distributed tracing, contextual metrics - should be in place before performance optimization begins. You cannot optimize what you cannot measure, and you cannot diagnose what you cannot trace.
Designing for Debuggability
Structured Logging
Every log line should be a structured event with machine-parseable fields. The correlation ID, service name, operation, and relevant entity IDs should be fields, not embedded in a string.
# Before: unstructured log
logger.info(f"Processing order {order_id} for user {user_id}")
# After: structured log
logger.info("order.processing", extra={
"correlation_id": correlation_id,
"order_id": order_id,
"user_id": user_id,
"step": "payment_authorization",
"attempt": retry_count,
})
Structured logs enable queries: "Show me all events for order 48291 across all services, ordered by timestamp." This query is impossible with unstructured logs. With structured logs, it is a simple filter.
Correlation IDs Everywhere
A correlation ID is generated at the system boundary - the first API call - and propagated through every service call, every event, and every log line in the request's lifecycle.
// Middleware: extract or generate correlation ID
app.use((req, res, next) => {
req.correlationId = req.headers["x-correlation-id"]
|| crypto.randomUUID();
res.setHeader("x-correlation-id", req.correlationId);
// Attach to all downstream calls
req.httpClient = httpClient.withHeaders({
"x-correlation-id": req.correlationId,
});
// Attach to all log lines
req.logger = logger.child({
correlation_id: req.correlationId,
});
next();
});
The correlation ID must be propagated across every boundary: HTTP calls, event emissions, queue messages, background jobs. One service that drops the correlation ID breaks the trace for the entire request.
Contextual Metrics
Metrics need labels that enable diagnosis, not just detection. A latency spike is detected by the aggregate metric. It is diagnosed by the labels.
# Detection only (not useful for diagnosis)
metrics.histogram("request_duration", duration_ms)
# Detection + diagnosis
metrics.histogram("request_duration", duration_ms, labels={
"service": "checkout",
"endpoint": "/api/checkout",
"dependency": slowest_dependency,
"status": response.status_code,
"customer_tier": customer.tier,
})
With labels, the alert "checkout latency spiked" immediately leads to "the spike is on /api/checkout for enterprise customers, caused by timeouts to the inventory service." Without labels, the same alert leads to 20 minutes of manual investigation.
Designing for Incidents
The most important question during an incident is: "What changed?" Design your system to make this question answerable.
- Deploy tracking. Record every deployment with its timestamp, services affected, and commit range. When latency spikes correlate with a deployment timestamp, the root cause is likely in the deployed changes.
- Configuration change logging. Feature flags, environment variables, and infrastructure changes should be logged with timestamps. Configuration changes cause incidents more often than code changes.
- Dependency health dashboards. Show the health of every external dependency on a single page. During an incident, this immediately narrows the search space.
The Investment Is Front-Loaded
Observability infrastructure is cheap to build and expensive to retrofit. Adding structured logging to a new service takes an hour. Retrofitting it across twenty services with inconsistent log formats takes months.
The same is true for correlation IDs. If every service propagates them from the start, the system is debuggable by default. If only some services propagate them, the traces are incomplete and debugging still requires guesswork.
Build observability into the system from the beginning. Not after the first major incident. Not when the team grows. Not when the system "gets complex enough." The system is already complex enough. You just have not had the incident yet.
The best systems are not the ones that never fail. They are the ones where, when something fails, a human can understand what happened in minutes, not hours.
References
- Google SRE Book: Monitoring Distributed Systems- Google SRE
- Observability Engineering- Honeycomb / O'Reilly
- Distributed Tracing at Uber- Uber Engineering Blog
- Keeping Netflix Reliable Using Prioritized Load Shedding- Netflix Technology Blog