A lot of monitoring vendors claim to have real-time capabilities, but that’s not often the case, thanks to refresh latency.
Whether you’re a day-trader, a DevOps engineer or Lindsey Lohan in Mean Girls, you need access to critical information as soon as possible. In other words, you need real-time insight.
The term “real time,” however, is somewhat fuzzy. It’s thrown around quite a bit, and can mean different things depending on the context.
For example, according to Paul Buchheit, the creator of Gmail, every interaction should be faster than 100ms. Why? Because 100ms is the threshold where interactions feel instantaneous.
For ITOps and DevOps professionals that work against KPIs, like Mean-Time-To-Detect and Mean-Time-To-Acknowledge incidents with strict SLAs, the last thing you need is your monitoring technology acting as the bottleneck. In this context, “real time” involves a tool’s frequency of retrievals or updates to present new information.
Tiered architectures require you to perform jobs to retrieve the data — leading to significant latency that increases as the volumes get larger.
What Does Real-Time Monitoring Really Mean for ITOps & DevOps?
Since alert volumes are exponentially larger than personal email volumes, today’s universal standard for real-time is 1 second.
This means that the difference between the presentation of a data point (metric, Event, Alert, etc.) into the monitoring systems, and the creation of that data point, should be 1 second or less.
What is Near Real Time?
Based on our real-time definition, technologies that aggregate or refresh less frequently than every minute are not real-time. Rather, we refer to them as near real-time if they are still in the 1-3 minute range.
Why do certain tools have this latency? It’s typically a result of a tiered architecture, created to help ingest large volumes of events. The problem is that tiered architectures require you to perform jobs to retrieve the data — leading to significant latency that increases as the volumes get larger.
Since these jobs or refreshes tend to get very computationally expensive, the intervals of data retrieval increase to near real-time frequencies.
Which Tools Are Real Time?
It’s clear that every IT monitoring vendor claims real-time, but which ones really past the test? The bottom table include common monitoring technologies, their minimum refresh latencies, and default latencies.
|TechnologyTech||Min. Latency||Default Latency||Real-Time|
|Pingdom||1 minute||1 minute||No|
|AppDynamics||1 minute||1 minute||No|
|NewRelic||1 minute||1 minute||No|
|Dynatrace||1 minute||1 minute||No|
|Instana||1 second||1 second||Yes|
|DataDog||15 seconds||15 seconds||No|
|Wavefront||1 second||1 second||Yes|
|SignalFx||1 second||1 second||Yes|
|ExtraHop||30 seconds||5 minutes||No|
|SolarWinds||1 minute||5 minutes||No|
|ThousandEyes||1 minute||1 minute||No|
|Nagios||1.5 minutes||5 minutes||No|
|Zenoss||5 seconds||5 minutes||No|
|ScienceLogic||1 minute||5 minutes||No|
|Splunk||5 seconds||5 minutes||No|
|Elastic||1 second||1 second||Yes|
Clock photo © Christian Schnettelker
About the author
Sahil Khanna is a Sr. Product Marketing Manager at Moogsoft, where he focuses on the emergence of Algorithmic IT Operations. In his free time, Sahil enjoys banging on drums and participating in high-stakes bets.