Observability stack для банка

Зачем банку unified observability

Banking operations — ABS, card processing, online banking, payments, ATM, branch — каждое имеет свой monitoring. Cross-system incident correlation требует hours.

Регулятор увеличивает requirements: incident reporting в hours, MTTR thresholds, availability targets.

Unified observability — три класса (metrics, logs, traces) на единой платформе.

Three pillars

Metrics. Throughput, latency p50/p95/p99, error rate. Per service, per channel.

Logs. Structured events, full-text search.

Traces. End-to-end request path через банковские systems.

Banking-specific requirements

PII в logs — masked or excluded. Compliance requirement.

Audit retention — long term (>5 лет) для regulator.

Critical service identification. Payment, online banking, ATM — different SLO targets.

Regulator-facing reporting. Service availability per quarter.

Структурные элементы

Collectors (OpenTelemetry).

Pipelines с PII filtering.

Storage tiers (hot/warm/cold).

Query layer unified.

Alerting с tuning.

Dashboards per service / per business flow.

SLI/SLO framework.

Где обычно ломается

Каждая команда свой stack — корреляция cross-system невозможна.

PII в plain logs — security incident.

Sampling aggressive — incident traces missing.

Alerts noisy — critical alerts ignored.

Retention слишком короткий — regulator audit fails.

Cost out of control.

Operating model

Owner — Head of SRE.

SRE per critical service.

Service owners (use platform, accountable для SLO).

Routine — weekly SLO review, post-mortem на каждый significant incident.

Связанное

• /architecture/banking-event-bus-architecture/ — event bus monitoring
• /insights/banking-sre-discipline/ — SRE
• /architecture/banking-mlops-architecture/ — MLOps observability
• /insights/banking-incident-management/ — incident management