The Three Pillars Are a Lie: Why Telemetry Is Really One Stream
Treating metrics, logs, and traces as separate systems sells three subscriptions, three storage costs, and three query languages. The unified-stream view is cheaper and more useful.
The three-pillars marketing trap
The ‘three pillars’ framing (metrics, logs, traces) was useful in 2018 because the tools genuinely were three separate systems. By 2026 the framing is mostly a historical accident, and it costs teams real money.
If you have three observability pipelines, you have three sets of agents, three storage backends, three query languages, three sets of dashboards. The data is the same data, emitted three times, stored three ways, paid for thrice.
Why they are really one stream
- An event happens. Service A handled request X at time T with parameters P, took N milliseconds, returned status S. That is one event. Everything else is a projection.
- A metric is a counted projection (how many requests at status S in the last minute). A log is a serialised projection (the request line, plus context). A trace is a graph projection (this request fanned out into these spans).
- All three projections come from the same source data. The savings come from emitting the source data once and projecting locally as needed.
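The three projections above, sketched as an added example (not code from the original article or from any vendor): a single list of events is turned into a counted metric, serialised log lines, and a span graph, plus one read-time slice on an arbitrary field. The event fields, sample values, and function names are constructed for illustration.

```python
import json
from collections import Counter, defaultdict

# Constructed sample events (not from the article): one record per unit of
# work, carrying everything known about it at emit time.
EVENTS = [
    {"ts": 1700000005, "service": "A", "trace_id": "t1", "span_id": "s1",
     "parent_id": None, "route": "/checkout", "status": 200, "duration_ms": 120},
    {"ts": 1700000006, "service": "B", "trace_id": "t1", "span_id": "s2",
     "parent_id": "s1", "route": "/price", "status": 200, "duration_ms": 40},
    {"ts": 1700000007, "service": "C", "trace_id": "t1", "span_id": "s3",
     "parent_id": "s1", "route": "/stock", "status": 500, "duration_ms": 65},
    {"ts": 1700000070, "service": "A", "trace_id": "t2", "span_id": "s4",
     "parent_id": None, "route": "/checkout", "status": 500, "duration_ms": 15},
]

def as_metric(events, window_s=60):
    """Counted projection: requests per (window start, status)."""
    counts = Counter()
    for e in events:
        counts[(e["ts"] - e["ts"] % window_s, e["status"])] += 1
    return dict(counts)

def as_logs(events):
    """Serialised projection: one JSON line per event, keys sorted."""
    return [json.dumps(e, sort_keys=True) for e in events]

def as_trace(events, trace_id):
    """Graph projection: parent span id -> child span ids for one trace."""
    children = defaultdict(list)
    for e in events:
        if e["trace_id"] == trace_id:
            children[e["parent_id"]].append(e["span_id"])
    return dict(children)

def error_rate_by(events, field):
    """Read-time slice on any field; a pre-aggregated counter cannot do this."""
    total, errors = Counter(), Counter()
    for e in events:
        total[e[field]] += 1
        errors[e[field]] += e["status"] >= 500
    return {k: errors[k] / total[k] for k in total}

if __name__ == "__main__":
    print(as_metric(EVENTS))
    print(as_trace(EVENTS, "t1"))
    print(error_rate_by(EVENTS, "service"))
```

The metric keeps only the window and status, so the per-service breakdown from `error_rate_by` is recoverable only because the source events were retained.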
Where the projections live
OpenTelemetry implements this directly: one SDK emits structured events; the Collector projects them into metrics, logs, and traces as configured. Storage costs drop because high-cardinality data lives in one place.
Modern observability vendors (Honeycomb, Grafana’s LGTM stack, Polar Signals) sell against this model: one event stream, queries that slice into the projection you need at read time, not at write time.
Migrating without forklift cost
Migration does not require ripping out old tools. Stand up the unified stream alongside; route a fraction of traffic to it; compare query results. Migrate one team at a time as confidence builds.
The hard part is the dashboard rewrite. Old metric dashboards translate to event-stream queries one-for-one, but the syntax differs. Plan a quarter for dashboard migration once the data flows.
Antipatterns
- Buying three vendors who each ‘handle one pillar.’ The bill compounds; the integration suffers.
- Treating logs as the catchall. Logs are great for forensics, terrible for high-cardinality real-time querying.
- Skipping the migration plan. Old dashboards never get migrated; they rot in parallel.
What to do this week
Three moves. (1) Inventory how many observability vendors you pay for; the number is usually higher than expected. (2) Pilot OpenTelemetry on one service; route to a unified backend. (3) Plan dashboard migration as a one-quarter project, not a one-sprint task.