How Unified Observability Transforms Quality Management in Cloud‑Native Environments

1. Introduction

Under cloud‑native and DevOps development models, a system generates massive logs, metrics, events, and alerts throughout its lifecycle, posing significant challenges for enterprise quality platforms. This talk discusses best practices for quality construction from an observability perspective.

2. Quality Construction Pain Points

Observability is crucial in cloud‑native development, providing deep insight into system health via logs, metrics, and traces. However, many focus on observability only after deployment, missing opportunities to assess quality throughout development, testing, and release stages.

The quality observation lifecycle can be divided into four stages:

Development: focus on code quality, static analysis, dependency checks, and defect density metrics.

Testing: focus on test coverage and failure rates.

Canary verification: monitor stability and version differences using business metrics such as HTTP error rates and latency.

Production: monitor system and business stability using performance metrics, logs, and traces.

These stages involve numerous tools (GitLab, SonarQube, Allure, JMeter, Jenkins, Travis CI, Argo CD, etc.), producing heterogeneous data that is difficult to manage and extract value from.

3. Unified Data Ingestion and Management

3.1 Massive Data Management Pain Points

Multiple observability tools (ELK, Splunk, Prometheus, SkyWalking, Jaeger, Zipkin) lead to high operational and learning costs, scalability challenges, and data silos that prevent joint queries across logs and metrics.

3.2 Data Unified Ingestion and Management

We propose a unified storage for logs, metrics, and traces, enabling downstream query, visualization, monitoring, alerting, and AI capabilities, as well as data transformation from heterogeneous to homogeneous formats.

Based on the unified store, a common query language extends standard SQL with DSL and PromQL functions, allowing joint queries across different data types.

Examples include using SQL to analyze logs, PromQL‑extended SQL functions for metrics, nested queries for aggregation, and AI‑enabled functions for intelligent analysis.

4. Intelligent Inspection

4.1 Challenges of Traditional Monitoring

Traditional monitoring relies on fixed thresholds or simple comparisons, leading to rule explosion, lack of adaptability, and high false‑positive/negative rates as services scale and evolve.

4.2 Smart Inspection

Our smart inspection solution offers:

Intelligent pre‑processing to reduce false alerts at the source.

Adaptive monitoring that learns thresholds from historical data.

Dynamic feedback incorporating user confirmations to refine models.

It excels in scenarios with high variance, such as periodic traffic spikes where fixed thresholds fail.

4.3 Implementation Approach

We employ unsupervised learning to automatically extract data features and select appropriate algorithms for real‑time anomaly detection, complemented by supervised models trained on user‑labeled alerts to continuously improve accuracy.

Two algorithms are compared:

Streaming Graph Algorithm – suitable for general time‑series anomalies (CPU, memory, QPS, etc.).

Streaming Decomposition Algorithm – ideal for strongly periodic series such as game visits or order volumes.

Relevant papers: “Time‑Series Event Prediction with Evolutionary State Graph” and “RobustSTL: A Robust Seasonal‑Trend Decomposition Algorithm for Long Time Series”.

5. Alert Intelligent Management

5.1 Alert Management Pain Points

Massive alerts cause tool sprawl, lack of convergence, and weak notification mechanisms.

5.2 Smart Alert Management

Key mechanisms include:

Automatic deduplication using alert fingerprints.

Routing aggregation to combine related alerts.

Alert suppression to mute dependent alerts.

Silencing based on predefined conditions.

Dynamic dispatch supports multiple channels (SMS, voice, email, DingTalk, Webhook), context‑aware routing, and escalation for unresolved alerts.

On‑call rotation and delegation are also handled, ensuring alerts reach the right personnel.

6. Summary and Outlook

The complete architecture unifies logs, metrics, traces, and events into a single observability store, enabling unified query, visualization, monitoring, and alert management for development, operations, security, and other roles. Future work includes deeper AI‑driven root‑cause analysis, automated remediation, and expanded webhook integrations.