A Best Practice Guide to Monitoring and Observability
Introduction
Summary of digital experience monitoring best practices
Best Practices
| Description |
|---|---|
Implement RUM | Capture actual user interactions from browsers to reveal performance issues that only appear in specific environments. RUM data shows you bugs or API timeouts hitting some of your customers that synthetic tests would never catch. |
Implement synthetic monitoring | Run simulated user interactions, including testing the availability of key web pages or simulating an end-to-end transaction on a schedule from controlled environments to establish baselines and catch problems before users do. These checks provide consistent measurements for service level agreement (SLA) reporting, enabling the proactive detection of issues during off-peak hours. |
Connect with full-stack observability | Link front-end symptoms to back-end root causes through distributed tracing and correlation IDs. Full-stack observability reveals exactly where time is lost across your entire application stack, transforming hours of manual investigation into minutes of guided troubleshooting. |
Leverage AIOps for faster MTTD, MTTU, and MTTR | Use ML to detect anomalies, correlate symptoms, and cluster related alerts automatically. Overwhelming alerts can be consolidated into a single incident with a clear root cause and remediation steps. |
Continually improve the digital experience | Mine observability data for optimization opportunities beyond fixing problems. Small improvements compound into significant gains: optimizing images, deferring JavaScript loading, and adding database indexes can cut page load times in half and directly increase revenue. |
Implement real user monitoring
Strategic page selection
Storage costs and analysis overhead make monitoring everything impractical. The pages that matter most to your business deserve priority.
Consider revenue-driving pages as a strong starting point: your homepage, landing pages from campaigns, and every step of the checkout funnel. High-traffic, authenticated areas, such as user dashboards, are next in priority. E-commerce sites benefit from instrumenting complete user journeys. Consider the user's experience through the browse path from the homepage to a category and then to a product, the purchase flow from the cart to checkout and confirmation, and the support journey from the help center to contact form submission.
Before committing to 100% sampling, consider your data volume. One million monthly pageviews at 3KB per beacon generate 3GB of data. High-traffic informational pages may require only 10% sampling, while checkout pages deserve 100% coverage.
Business transaction naming
Developers name URLs for code organization, not business understanding. For example, your checkout page might be named /app/store/proc/fin_v2, but that is meaningless to everyone except the developer who wrote it. Mapping these technical URLs to business names in your RUM configuration enables you to transform cryptic paths into understandable metrics. Use "Account Dashboard" instead of /usr/acct/dashboard; now, anyone can identify which pages need attention.
Understanding RUM metrics
Four metrics drive immediate action when monitoring real user experience:
Metric | Target | Problem Threshold | What It Reveals |
|---|---|---|---|
Time to first byte (TTFB) | <200ms | >600ms | Server response time plus network latency. High values indicate back-end bottlenecks, database slowdowns, or Content Delivery Network (CDN) configuration issues. |
Largest Contentful Paint (LCP) | <2.5s | >4s | The instance the main content becomes visible to users. Critical for perceived performance and Google SEO rankings. |
Interaction to Next Paint (INP) | <200ms | >500ms | How quickly your page responds to user interactions throughout their entire visit. High INP reveals JavaScript execution problems or main thread blocking. |
Cumulative Layout Shift (CLS) | <0.1 | >0.25
Milliseconds (ms)
seconds (s)
| Visual stability as the page loads. High values mean elements jump around, causing users to click the wrong buttons or lose their reading position. |
These Core Web Vitals directly impact both user satisfaction and search engine rankings. TTFB tells you if the problem is at your back end, while LCP, INP, and CLS reveal front-end issues that frustrate users.
RUM capability offered by SolarWinds automatically tracks these metrics once you add the JavaScript snippet to your pages. The platform correlates this performance data with user geography, browsers, and operating systems, revealing patterns such as "INP spikes to 800ms for Safari users on older iPhones" or "Australian users experience 900ms TTFB due to CDN gaps."
When configuring RUM, you'll set satisfaction thresholds, typically 4 seconds for a Satisfied load time. The platform will then categorize every user session as Satisfied, Tolerating, or Frustrated, giving you clear targets for optimization.
User environment filtering
RUM data includes browser, device, and location details that reveal environment-specific problems. Mobile devices typically show double the load times of desktops, while Safari, for example, might throw errors that Chrome handles perfectly. Geographic location matters too: users in Sydney might experience high TTFB when your nearest CDN node sits in Singapore, adding unnecessary network latency to every request.
Filtering RUM data using these criteria turns vague reports into specific bugs. For instance, "the site is slow" should be "Safari users on iOS 15 experience 4-second delays on the checkout page."
Correlating traffic to performance
Performance often degrades with traffic, but the exact relationship reveals your bottlenecks. Linear degradation suggests healthy scaling, meaning each additional user adds consistent overhead. Nonlinear degradation signals problems such as connection pool exhaustion, lock contention, or memory pressure.
Tracking performance at different load levels could reveal some patterns. If response times stay flat until 500 concurrent users and then spike, you've found your ceiling. If doubling traffic quadruples response time, you have a scalability crisis. These patterns guide capacity planning better than any forecast model.
Implement synthetic monitoring
Synthetic monitoring tests your application proactively using simulated user interactions. These checks run on a schedule from controlled environments, catching problems before users encounter them.
Technical implementation
HTTP availability checks provide a simple starting point before building complex transaction monitors for critical workflows. Basic availability monitoring requires only a URL and success criteria, like in this example:
{
"check_type": "http",
"url": "https://api.yourapp.com/health",
"timeout": 5000,
"assertions": [
{ "type": "statusCode", "value": 200 },
{ "type": "responseTime", "value": "<1000" }
],
"locations": ["us-east-1", "eu-west-1", "ap-south-1"],
"interval": 60
}Beyond simple availability checks, synthetic transaction monitoring validates critical user journeys. Transaction tests execute multi-step workflows, such as user login, product search, and checkout completion, exactly as real users would. These tests verify functionality and performance, catching issues such as broken checkout flows or slow database queries before deployment.
For developers, synthetic transactions provide a powerful debugging tool. Running the same transaction repeatedly from consistent locations isolates performance variations. Is the slowdown happening for all users or just specific regions? Does it occur constantly or only during certain operations? This controlled testing environment accelerates root cause analysis.
Complex workflows need scripting. A recorder can capture your interactions and automatically generate scripts. Here is an example of a typical recording log:
// Purchase flow synthetic check
await page.goto('https://shop.example.com');
await page.type('#search-box', 'wireless headphones');
await page.click('#search-submit');
await page.click('[data-product-id="12345"]');
await page.click('#add-to-cart');
await page.goto('https://shop.example.com/cart');
await page.click('#checkout-button');
assert(page.url().includes('/checkout'), 'Checkout failed');
Runtime settings should match those of your actual users. For instance, testing with both Chrome and Safari could reveal browser-specific issues. Including 3G connection speeds alongside broadband catches performance problems affecting mobile users. Mobile viewports matter when a significant portion of your traffic comes from phones.
Strategic check frequency
Check frequency requires balancing detection speed against overhead. Your homepage benefits from 60-second availability checks, since it serves as your front door. Critical transaction workflows, such as login, checkout, and payment processing, should run every 5 – 15 minutes to validate both functionality and performance. Given their lower traffic and criticality, internal admin pages might need only hourly checks.
Also consider the load you're adding. A five-step transaction taking 10 seconds and running every 5 minutes from three locations creates 8,640 synthetic sessions monthly. That translates to 432,000 HTTP requests hitting your infrastructure, so capacity planning is essential.
Preventing false positives
Global outage configuration: The defaults are two consecutive test failures in any region for website and Uniform Resource Identifier entities, or one consecutive test failure in any region for synthetic transactions (source).
CI/CD assimilation
# Example: GitLab CI/CD Pipeline
post-deployment-validation:
stage: verify
script:
- npm run synthetic-check --suite=critical --env=staging
- sleep 30 # Wait for application warm-up
- npm run synthetic-check --suite=full --env=staging
rules:
- if: '$CI_COMMIT_BRANCH == "main"'
allow_failure: false
When not to run synthetic checks
{
"maintenance_windows": [
{
"name": "Weekly Maintenance",
"schedule": "0 2 * * SUN", // Sunday 2 AM
"duration": 120, // minutes
"checks": ["all"]
}
]
}
Analyzing trends
Synthetic monitoring's consistency makes it perfect for tracking performance changes over time. Because synthetic transaction tests and availability/performance checks run from the same locations with identical parameters, they provide reliable baselines for comparison across days, weeks, and months.
These trend analyses serve multiple purposes. Week-over-week comparisons help you spot gradual performance degradation before it becomes critical. For instance, a checkout process that progressively slows down from 3.2 to 4.1 seconds over several weeks signals that recent deployments or growing data volumes are impacting performance. A release-over-release analysis validates whether your optimizations actually improve performance. Monthly trending identifies seasonal patterns and capacity needs before peak traffic arrives.
Synthetic data also provides trustworthy SLA reporting. Because these measurements come from consistent, controlled tests rather than variable user sessions, they offer defensible metrics for uptime and performance commitments. When stakeholders question availability numbers, synthetic monitoring provides objective evidence from multiple geographic locations.
Using synthetic checks and real user monitoring together
It is best practice to use synthetic checks in tandem with RUM instead of choosing between the two. Synthetic checks can be viewed as a proactive, continuous audit to monitor core business transactions and to understand your baselines. Once a problem is detected with a synthetic check, RUM provides more diagnostic depth. The RUM component captures real user interactions to determine the root cause of the incident detected by the synthetic check. This is done by observing actual sessions as they move through a broken system, revealing the problem and identifying whether it is isolated to a specific browser or geographic location, for example. That’s information that a synthetic check doesn't provide.
Within a DEM strategy, you can use synthetic checks to tell you when something breaks down in a controlled environment, and then leverage RUM to find out who is affected and why it failed. Together, these features can accelerate the diagnosis and resolution process. Synthetic transaction tests and performance checks can also be run when a web application is in development to help developers identify issues before putting the application into production.
Connect with full-stack observability
Front-end slowness often originates deep in your back end. For example, a page taking 6 seconds to load might spend 5.5 seconds waiting for a database query. Full-stack observability connects these dots, showing exactly where time disappears in distributed systems.
Correlating the front end to back-end performance
Distributed tracing links RUM data to back-end services through correlation IDs. A user clicking "checkout" triggers dozens of operations, including inventory checks, payment processing, and shipping calculations, and each process adds time. The correlation ID threads them together, as seen in this example:
// Frontend: Add trace headers to API calls
fetch('/api/checkout', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-Trace-Id': generateTraceId(),
'X-Session-Id': RUM.getSessionId()
},
body: JSON.stringify(cartData)
});
// Backend: Propagate trace context
app.post('/api/checkout', (req, res) => {
const traceId = req.headers['x-trace-id'];
// Pass traceId to all downstream services
await inventoryService.check(items, traceId);
await paymentService.process(payment, traceId);
});
This correlation transforms mysterious slowness into specific bottlenecks. SolarWinds Observability enables you to set up custom event correlation rules that connect related issues across your infrastructure. For organizations running SolarWinds Observability Self-Hosted, here's an example of how you can configure an event correlation alert in the platform:
Event correlation alerts (Y after X) in SolarWinds Platform Self-Hosted. (source)
Investigating slow transactions
Starting with a slow session from your RUM data, for example, a real user who waited 8 seconds for checkout, provides the foundation for investigation. Note the session ID, timestamp, and browser details of this instance. Checking the synthetic results for the same page tells the story. Normal synthetic performance with slow real users points to environment-specific issues, while slow synthetic checks confirm systemic problems affecting everyone.
The page breakdown reveals where time is spent. Modern pages load dozens of resources. When /api/inventory takes 4 seconds while everything else is completed in milliseconds, you've found your target.
Back-end investigation through distributed tracing
[Frontend: 6000ms total]
└─> [API Gateway: 150ms]
└─> [Product Service: 200ms]
└─> [Inventory Service: 4500ms] <-- Bottleneck
└─> [Database Query: 4300ms]
└─> [Pricing Service: 180ms]
Example SolarWinds dashboard showing transaction times and back-end hosts (source).
Infrastructure context
Every span includes infrastructure metadata that tells your platform exactly which pod, container, or VM handled each request. The infrastructure context could reveal some patterns. Perhaps all slow requests hit the same overloaded node, or memory pressure triggers garbage collection pauses, or network congestion consistently delays interservice communication.
SolarWinds maintains transaction context across your entire stack. You can click directly from a RUM session to the application performance monitoring (APM) service view, saving you from manual correlation or guessing which back-end request matches which front-end interaction.
Example SolarWinds dashboard showing a unified view.
SolarWinds Root Cause Assist
SolarWinds Root Cause Assist analyzes patterns across thousands of transactions. For example, instead of investigating each slow request individually, it identifies that 80% of slow checkouts involve the same database table or that payment delays correlate with a specific third-party API. This pattern recognition turns hours of manual investigation into minutes of guided discovery.
A typical Root Cause Assist report by SolarWinds (source).
Real-world investigation
We've learned that a unified approach to monitoring is powerful because it converts abstract data into concrete action. Here's an example of an actual investigation flow to illustrate how you might gain answers using multiple data points.
RUM shows 15% of users experiencing 8-second payment confirmations. Geographic distribution rules out regional issues. Synthetic checks pass. Drilling into affected sessions reveals /api/payment/confirm taking 7.2 seconds.
The distributed trace exposes three external calls: fraud detection (6.8 seconds), payment processor (0.3 seconds), and notifications (0.1 seconds). The fraud detection service times out after 5 seconds and then retries. Infrastructure metrics show normal resource usage.
The culprit turns out to be a third-party API degradation affecting only certain card types. This explains why only 15% of users were affected. Without full-stack observability connecting front-end symptoms to back-end causes, finding this issue would take hours of log diving and correlation. The unified platform made it obvious in minutes.
Leverage AIOps for faster MTTD, MTTU, and MTTR
ML transforms monitoring from reactive firefighting to proactive problem prevention. Instead of manually setting thousands of thresholds, artificial Intelligence for IT operations (AIOps) learns your application's behavior and automatically spots anomalies.
Dynamic baselines reduce false alerts
Static thresholds fail in dynamic environments. Your checkout page may handle 100 requests per minute on Tuesday mornings, but 1,000 during Friday flash sales. Fixed alerts either fire constantly or miss real problems.
This variability is where AIOps proves valuable. Instead of rigid thresholds, AIOps creates adaptive baselines that learn and adjust to your application's natural patterns. An adaptive baseline understands that 3-second response times might be normal during peak Friday traffic but indicate a problem during quiet Tuesday mornings. The system continuously recalculates what "normal" means based on the current context, whether it is time of day, day of week, or traffic level.
Here is how the approach differs:
// Traditional static threshold (problematic)
if (responseTime > 3000ms) { alert() }
// AIOps dynamic baseline (adaptive)
baseline = calculateBaseline(dayOfWeek, hourOfDay, trafficLevel)
deviation = (currentValue - baseline) / standardDeviation
if (deviation > 3.5) { alert() } // Alert on statistical anomalies
The platform learns your patterns. Traffic increases naturally drive response times higher, while spikes without traffic indicate real problems. This context-aware approach cuts false positives by 70% while catching real issues three times faster.
Modern platforms surface these anomalies through visualizations that highlight deviations from baseline behavior. For example, organizations using the self-hosted SolarWinds Platform can view anomaly-based alerts and their status in a unified dashboard:
Self-hosted SolarWinds Platform anomaly-based alerts status view (source).
Root Cause Assist accelerates investigations
Root Cause Assist automatically correlates symptoms across your entire stack, analyzing thousands of data points to identify probable causes. Instead of manually checking dozens of dashboards and logs, the system presents a ranked list of likely root causes with confidence scores.
The table below shows typical correlations the system discovers. Each row represents a real incident where multiple symptoms pointed to a single underlying issue. The confidence percentage indicates how strongly the evidence supports each diagnosis:
Symptom | Correlated Events | Probable Cause | Confidence |
|---|---|---|---|
Checkout five times slower | Database CPU usage 95%, 50 blocked queries | Lock contention from the batch job | 92%
|
API errors spike | Memory 98%, 12 container restarts | Memory leak in Version 2.3.1 | 87% |
TTFB triples | CDN cache hits drop to 10% | Cache invalidation event | 94% |
In the first example, when checkout times jumped from 1 to 5 seconds, Root Cause Assist correlated this with high database CPU usage. It blocked queries, correctly identifying that a batch job was holding table locks. The 92% confidence meant engineers could investigate this specific issue immediately rather than exploring multiple theories.
The platform presents these ranked correlations instead of raw data. Engineers validate probable causes rather than hunting for clues.
Alert clustering reduces noise
One database failure can trigger 50 different alerts, such as slow queries, timeouts, error spikes, and failed health checks, all firing simultaneously. Alert clustering recognizes these related symptoms and intelligently groups them into a single incident, transforming chaos into clarity.
SolarWinds implements this capability through AlertStack, which continuously monitors your alerts and correlates problems that occur simultaneously on related devices. AlertStack pulls together alerts, events, metrics, network configuration changes, server changes, syslog entries, traps, Windows events, and unusual device statuses into unified alert clusters.
AlertStack clusters the related alerts and events into a single view, providing a unified and chronological view of events and impacted entities (source).
Predictive analytics prevents capacity problems
AIOps forecasts capacity needs by correlating business metrics with infrastructure usage. For example, your database might grow by 5GB weekly with 100GB of free space, giving you only 20 weeks until storage is full. However, December traffic doubles your growth rate, dropping the time left by several weeks.
VM capacity planning helps identify when you'll hit CPU or memory limits based on current trends, and network planning identifies future bandwidth bottlenecks. These predictions give you weeks to add capacity instead of scrambling during outages.
SolarWinds VM capacity planning tool (source).
Implementation strategy
Here's a good implementation process you can follow to leverage AIOps:
- Start anomaly detection on critical metrics: response time, error rate, and throughput for key transactions. Let the system learn for two weeks to build accurate baselines.
- Enable Root Cause Assist for your highest-value services first. Correlation accuracy improves as the system learns your architecture's failure patterns.
- Configure alert clustering conservatively. Start by grouping identical alerts, then expand to related alerts as you trust the groupings.
- Use predictive analytics during quarterly planning; predictions need three months of history for accuracy.
The diagram below illustrates an example. A typical database issue generates 50+ individual alerts across multiple services. The ML clustering engine groups these alerts by temporal correlation and service dependencies, while Root Cause Assist analyzes the patterns to identify the underlying problem with 92% confidence. What would overwhelm an on-call engineer with dozens of separate issues is transformed into a single, actionable incident with clear remediation steps.
Example workflow using Root Cause Assist.
Continually improve the digital experience
Meeting service level objectives isn't enough to deliver high-quality user experiences. Your pages might load within acceptable thresholds, but users remember exceptional experiences, not adequate ones. Your observability data contains optimization opportunities that can transform satisfied users into delighted ones.
Front-end optimization wins
- Image optimization delivers immediate gains because that 500KB product photo might shrink to 150KB with WebP encoding, saving 350ms on 4G connections. When you multiply this by 20 products per page, you've just discovered 2 seconds of unnecessary latency that's been hiding in plain sight.
- JavaScript execution blocks everything else: third-party scripts for analytics, chat widgets, and A/B testing tools freeze the main thread. Loading them asynchronously or deferring until after user interaction prevents blocking. Lazy loading Google Analytics improves "First Input Delay by 200ms" to "improves Interaction to Next Paint by 200ms."
- Cascading Style Sheets delivery affects perceived performance. Inline critical styles for above-the-fold content and load complete style sheets asynchronously. Pages feel instant when content appears immediately, even while styles continue loading.
- Caching eliminates redundant downloads. Version your static assets and set year-long cache headers. Returning visitors then skip network requests entirely, saving 1 – 2 seconds per visit.
Back-end performance gains
Back-end optimization often yields bigger wins than front-end tweaking. Database queries hide enormous potential: that missing index could turn a 50ms lookup into a 5-second table scan. Weekly reviews of slow queries can catch these problems.
Composite indexes matching WHERE clauses and denormalized, frequently joined tables can transform performance.
Caching expensive computations, API responses, and query results reduces back-end strain. The Remote Dictionary Server processes cached data in 2ms as opposed to 200ms for database queries. Monitoring hit ratios helps identify ineffective cache keys—anything below 80% suggests optimization opportunities.
Connection pooling requires a balance: too few connections create queues, while too many overwhelm your database. Starting with 10 to 20 connections per application instance provides a baseline. Watching connection wait times reveals the sweet spot for your specific workload.
CI/CD performance gates
Every deployment risks performance regression. Automated performance validation catches problems before they reach production.
Running synthetic checks against staging environments before promoting builds helps catch degradation quickly, while comparing current performance to baseline metrics identifies problems. Deployments that degrade performance by more than 10% should be blocked. Automatic rollbacks triggered by RUM data minimize the impact when problems slip through. The system can revert deployments automatically when errors spike or performance degrades within 15 minutes.
Making impact visible
Performance metrics should be displayed where everyone can see them updated. Developers write faster code when they see its impact, and product managers prioritize performance work when they understand the revenue cost of milliseconds.
p50, p90, and p99 response times for critical paths alongside trending Apdex scores make performance tangible. Performance budgets with clear red/yellow/green status create accountability. Correlating technical metrics with business key performance indicators (KPIs) helps everyone understand the real impact.
Celebrating wins matters: a 500ms improvement might save users 40+ hours of waiting on a daily basis. Quantifying impact in terms of user time saved, bounce rate reduced, or revenue recovered gives performance improvements the recognition they deserve.
Example SolarWinds KPI widget (source).
Final thoughts
Digital experience monitoring reveals what your users deal with when they use your site. RUM captures real-world performance across thousands of browser, device, and network combinations, while synthetic monitoring simulates real users and provides consistent baselines, catching problems before users do. Together, they create complete visibility into your application's behavior.
Full-stack observability connects front-end symptoms to back-end causes. Guessing gives way to knowing.
AIOps transforms monitoring data into action. Anomaly detection catches problems that static thresholds miss, while Root Cause Assist correlates dozens of symptoms into probable causes, and AlertStack reduces hundreds of alarms to a handful of real incidents. Your team spends time fixing problems, not finding them.