End-to-End Observability for vLLM and TGI: from DCGM to Tokens

Running large language model inference servers in production exposes gaps that neither stock Prometheus dashboards nor the official documentation of vLLM or TGI cover completely. This article maps the layers that matter, names the exact signals to scrape and flags the traps most teams only hit after real traffic arrives.

Audience: SREs, ML platform engineers and observability engineers who operate or are about to operate vLLM or TGI on GPUs.

Why LLM serving breaks standard observability

A model server is not a regular web service. Four properties invalidate the usual playbook.

Latency is not scalar. Time to first token (TTFT), inter-token latency (ITL) and end-to-end latency tell three different stories. Optimizing one usually degrades another. Prefill-bound workloads (long prompts, short outputs) and decode-bound workloads (chat, agents, RAG) have inverse profiles. A single p99 number is meaningless without saying which latency it refers to and what input distribution produced it.

Batching is dynamic and preemptive. Continuous batching schedules in-flight requests into the same forward pass. Throughput rises with batch size up to a point where KV cache pressure forces evictions or swaps. Standard "queue depth" metrics still apply, but the relationship between queue depth and tail latency is non-linear and bursty. A queue that looks shallow for ninety seconds and explodes for ten is more useful to detect than a steady moderate queue.

The KV cache is the real bottleneck. It lives in VRAM, grows with sequence length and dominates memory pressure. When it fills, vLLM preempts or swaps requests. TGI rejects new arrivals. Neither outcome is visible from CPU or network metrics. The KV cache is the single most informative signal on the engine layer, and it has no equivalent in a stateless web service.

Hardware reaches into the application. A degraded NVLink, a thermal throttle or an NCCL all-reduce stall propagates directly to the request queue. The observability stack has to reach down to the silicon or it will produce dashboards that look fine while users wait.

The right answer is a layered pipeline that correlates a token rendered to a user with what happened on the silicon a few milliseconds earlier.

Layer map

┌────────────────────────────────────────────────┐
│ Business and cost (€/token, €/tenant, €/h GPU) │
├────────────────────────────────────────────────┤
│ API and distributed tracing (OTel GenAI)       │
├────────────────────────────────────────────────┤
│ Inference engine (vLLM, TGI: Prometheus)       │
├────────────────────────────────────────────────┤
│ Container and OS (cAdvisor, kubelet, eBPF)     │
├────────────────────────────────────────────────┤
│ CUDA runtime and collectives (NCCL, cuPTI)     │
├────────────────────────────────────────────────┤
│ GPU silicon (DCGM exporter, NVLink, PCIe)      │
└────────────────────────────────────────────────┘

Each layer has its own native signals. The value of an end-to-end pile comes from the ability to cross-reference them.

Layer by layer

GPU silicon

DCGM exporter is the right entry point. The signals worth wiring up from day one:

DCGM metric	What it actually says
DCGM_FI_DEV_GPU_UTIL	Coarse indicator. Reaches 100 % for badly vectorized kernels. Do not use alone.
DCGM_FI_PROF_SM_ACTIVE	Fraction of cycles where at least one warp is active on an SM.
DCGM_FI_PROF_SM_OCCUPANCY	Average warps active per SM normalized to the maximum.
DCGM_FI_PROF_PIPE_TENSOR_ACTIVE	Fraction of cycles the tensor cores are working. The real utilization signal for LLM inference.
DCGM_FI_PROF_PIPE_FP16_ACTIVE, _FP32_ACTIVE	Pipeline activity by precision. Useful to spot fallbacks.
DCGM_FI_PROF_DRAM_ACTIVE	HBM traffic. Identifies memory-bound workloads.
DCGM_FI_DEV_FB_USED, _FB_FREE	VRAM in use and free. Cross with vllm:gpu_cache_usage_perc.
DCGM_FI_PROF_NVLINK_RX_BYTES, _TX_BYTES	Inter-GPU traffic. Essential under tensor parallelism.
DCGM_FI_PROF_PCIE_RX_BYTES, _TX_BYTES	GPU to host traffic. Surfaces pressure during model loading and CPU paging.
DCGM_FI_DEV_POWER_USAGE, _GPU_TEMP, _MEMORY_TEMP	Power and thermal. Throttling shows up here before it shows up in user latency.
DCGM_FI_DEV_SM_CLOCK, _MEM_CLOCK	Effective clocks. A persistent drop is the first sign of thermal throttling.

DCGM exporter ships as a Helm chart and runs as a DaemonSet on GPU nodes. Default scrape interval is one second, fine for steady-state dashboards but coarse enough to miss sub-second incidents like an eviction storm. Two profiles in production:

• steady: 5 seconds, full field set.
• incident: 250 ms, reduced field set, enabled on alert.

A few hardware notes that change what you should monitor:

• MIG (Multi-Instance GPU). When MIG slices are active, DCGM exposes per-slice metrics under the same field IDs with a different device label. Pin labels in your relabel config or you will see metrics merge or vanish across reschedules.
• NVSwitch (DGX, HGX). Add the NVSwitch exporter alongside DCGM. NVLink saturation at the switch is invisible from the per-GPU NVLink counters alone.
• InfiniBand. Use the Mellanox ibutils exporter or ucx counters. RDMA traffic for distributed inference does not appear in the GPU metrics path.

CUDA runtime and collectives

Tensor parallelism and pipeline parallelism rely on NCCL. When one GPU waits for its peers, application latency shows anomalies with no CPU or network cause visible.

Sources worth wiring:

• NCCL_DEBUG=WARN in production with parseable output, ingested as structured logs. INFO is too verbose and has a non-trivial overhead.
• nvidia-nccl-exporter where the version supports your CUDA stack.
• cuPTI for kernel-level and collective-level tracing. Enable on demand only, the overhead is measurable and biases what you are trying to observe.
• On InfiniBand fabric, export UCX counters and SHARP statistics. NCCL alone does not surface fabric congestion.

Collective patterns to remember when reading dashboards:

• All-reduce dominates tensor-parallel matmul splits. Saturated NVLink with idle SMs means you are bandwidth-bound on the collective.
• All-gather appears in some attention implementations and in pipeline-parallel weight gathering.
• Send/recv dominates pipeline parallelism. Imbalance between stages shows up as one GPU with low SM activity and a long send wait.

These traces are not meant to be on all the time. Continuous lightweight counters with on-demand deep tracing is the pattern that scales.

Container and OS

Platform layer:

• cAdvisor and kubelet for pod CPU, RAM and IO.
• kube-state-metrics for Pod state, OOM events and restarts.
• kube_pod_info joined to GPU identity (nvidia.com/gpu device id) to map pod to physical GPU.

Kernel layer:

• eBPF via Tetragon, bpftrace or Pixie for syscalls, unexpected network egress and model file reads.
• On-CPU profiling via parca or pyroscope without instrumenting the binary.

eBPF is also where the security observability lives. A minimal Tetragon policy that watches model file reads and unexpected egress on the inference pod:

apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: vllm-runtime-watch
spec:
  podSelector:
    matchLabels:
      app: vllm
  kprobes:
    - call: "security_file_open"
      syscall: false
      args:
        - index: 0
          type: "file"
      selectors:
        - matchArgs:
            - index: 0
              operator: "Prefix"
              values:
                - "/models/"
                - "/root/.cache/huggingface/"
          matchActions:
            - action: Post
    - call: "tcp_connect"
      syscall: false
      args:
        - index: 0
          type: "sock"
      selectors:
        - matchArgs:
            - index: 0
              operator: "NotDAddr"
              values:
                - "10.0.0.0/8"
                - "127.0.0.0/8"
          matchActions:
            - action: Post

This is a starter: it logs every model file read and every non-RFC1918 outbound connection from vLLM pods. Convert to alerts only after a quiet-period baseline.

Inference engine

The layer most teams neglect the longest, while being the densest in business signal.

vLLM exposes /metrics by default. The base set:

Metric	Type	Reading
vllm:time_to_first_token_seconds	histogram	Server-side TTFT. Compare to gateway TTFT.
vllm:time_per_output_token_seconds	histogram	ITL. What the user feels in streaming.
vllm:e2e_request_latency_seconds	histogram	Server-side end-to-end latency.
vllm:num_requests_running	gauge	Requests in the active batch.
vllm:num_requests_waiting	gauge	Queue depth. First saturation indicator.
vllm:num_requests_swapped	gauge	Requests paged to CPU. VRAM pressure.
vllm:gpu_cache_usage_perc	gauge	KV cache occupation. At 1.0 with swapped > 0, you are in eviction territory.
vllm:num_preemptions_total	counter	Cumulative preemptions. Take the per-second rate.
vllm:prompt_tokens_total	counter	Input tokens processed.
vllm:generation_tokens_total	counter	Generated tokens. Cost calculation base.

Recent vLLM versions also expose prefix caching and speculative decoding metrics. The exact names depend on the version, but the families to look for:

• vllm:gpu_prefix_cache_hits_total, vllm:gpu_prefix_cache_queries_total. Hit rate dominates the gain from prefix caching in agent and RAG workloads.
• Speculative decoding counters that let you derive the acceptance rate of the draft model. If acceptance falls below the break-even point against the draft model overhead, spec decode is costing you throughput.

TGI exposes /metrics with a different naming convention:

Metric	Reading
tgi_batch_current_size	Active batch size.
tgi_batch_next_size	Next batch being formed.
tgi_queue_size	Queue depth.
tgi_request_queue_duration	Time in queue.
tgi_request_inference_duration	Engine time.
tgi_batch_inference_duration	Per-batch latency, decomposable into forward and decode.
tgi_request_input_length, tgi_request_generated_tokens	Token counters per request.

Both engines emit histograms with standard Prometheus buckets. Quantiles are computed at query time (histogram_quantile in PromQL or VMQL equivalents).

A practical reading habit: never look at a single engine metric in isolation. The useful patterns are paired.

• vllm:num_requests_waiting rising with vllm:gpu_cache_usage_perc at 1.0 and vllm:num_preemptions_total rate > 0: you are in cache thrash. Reduce max_num_seqs or raise max_num_batched_tokens.
• vllm:num_requests_waiting rising with healthy cache: you are compute-bound. Add capacity or reduce max_num_batched_tokens.
• tgi_queue_size high with tgi_batch_current_size plateauing below maximum: scheduler is starving on token budget. Inspect max_batch_total_tokens.

API and distributed tracing

Tracing answers "where did my request spend its time" independently of aggregate metrics.

Adopt OpenTelemetry with the GenAI semantic conventions:

• gen_ai.system (for example vllm, tgi),
• gen_ai.operation.name (chat, completion),
• gen_ai.request.model,
• gen_ai.request.max_tokens, temperature, top_p,
• gen_ai.usage.input_tokens, gen_ai.usage.output_tokens,
• gen_ai.response.finish_reasons.

A useful span breakdown:

http.server.request
└── gen_ai.completion
    ├── tokenize
    ├── schedule
    ├── prefill
    ├── decode  (loop, span per batch step)
    ├── detokenize
    └── stream_out

Available instrumentation libraries: OpenLIT, openllmetry (Traceloop) and OpenInference (Arize). Pick one and stick to it. Mixing them produces inconsistent attribute names that break dashboard queries.

The request_id propagated from the ingress through to the engine is the key that makes downstream correlation possible. Declare it at the ingress (header x-request-id), propagate it through OTel baggage, log it on the engine side and attach it as a trace attribute.

Prometheus exemplars are worth the configuration cost. They link a histogram bucket to one or more traces, so a click on a TTFT p99 spike in Grafana jumps directly to the slowest traces. vLLM does not expose exemplars natively today, but the OTel collector can attach trace IDs to scraped histograms via the spanmetrics connector. Sample collector snippet:

connectors:
  spanmetrics:
    histogram:
      explicit:
        buckets: [10ms, 50ms, 100ms, 250ms, 500ms, 1s, 2s, 5s]
    dimensions:
      - name: gen_ai.system
      - name: gen_ai.request.model
      - name: tenant
    exemplars:
      enabled: true

This gives you metric-to-trace navigation without changing the engine code.

Logs

Structured, JSON. VictoriaLogs handles the volume without forcing a complex query syntax.

Minimum fields for the inference layer:

• request_id,
• tenant,
• model,
• prompt_tokens, generation_tokens,
• ttft_ms, e2e_ms,
• finish_reason,
• gpu_id (resolved at pod level),
• trace_id, span_id (for cross-reference with traces).

Do not log prompts and outputs by default. If you need to, allocate a separate channel with short retention and active PII filtering. The legal exposure of an unfiltered prompt log dwarfs any operational benefit.

Business and cost

The only layer that talks to leadership. From the native counters you derive three indicators.

Cost per request, per tenant, per model. The denominator changes the answer, surface all three.

Hourly cost of a GPU normalized by tokens produced in the same window. This is the closest thing to a useful efficiency metric.

Useful tokens over billed tokens. A measure of batching efficiency: how many tokens you produce per token of GPU compute time.

Cost per tenant, in PromQL:

sum by (tenant) (
  rate(vllm:generation_tokens_total{tenant=~".+"}[5m])
)
* on(model) group_left
  cost_per_generation_token_eur

Where cost_per_generation_token_eur is a reference series pushed by a configuration job. Maintain prompt vs generation rates separately, they price differently in most providers and they have different production costs (prefill is single forward pass, decode is autoregressive).

A useful refinement is to include idle cost. A GPU running at 30 % utilization still costs the full hourly rate. The "effective cost per token" should distribute the full GPU hour over the tokens actually produced:

(gpu_hourly_cost_eur)
/
(sum by (gpu) (rate(vllm:generation_tokens_total[1h])) * 3600)

This is the number that drives capacity decisions, not the marginal cost per token.

The hard problems

Cross-layer correlation

Linking a rendered token to a physical GPU is trivial in theory and hard in practice. The concrete plumbing:

1. request_id propagated from ingress through engine spans.
2. Engine-side spans carry gpu_id as an attribute.
3. Metric series carry pod and gpu_uuid labels, joined via kube_pod_info to a pod to gpu_uuid mapping (DCGM exposes UUID and device labels).
4. Dashboards join temporally on time windows and spatially on gpu_uuid.

DCGM samples per GPU, not per request. Fine-grained correlation is always done by time window, never by exact identifier. The illusion of per-request hardware metrics is exactly that, an illusion.

Cardinality

Labeling by tenant and model is healthy. Labeling by user_id, session_id or request_id on metrics is forbidden. Those dimensions belong to traces and logs.

VictoriaMetrics absorbs moderate cardinality well, especially with vmagent stream aggregation pre-rolling histograms. But multi-tenant inference explodes fast. Run the math at design time:

tenants × models × quantiles × histogram_buckets × instances

Ten tenants, five models, six quantiles, ten buckets, fifty instances gives 150 000 series for one histogram metric alone. Add three histograms (TTFT, ITL, e2e) and you are at half a million series before counters and gauges. Plan accordingly or use stream aggregation to drop unused dimensions before storage.

Sampling

Three rhythms coexist: DCGM at 1 s, vLLM at 10 s, traces sometimes at 1 in 100. For brief incidents (preemption bursts, KV eviction storms), prepare:

• OTel collector with tail-based sampling, rule "if error or slow then keep",
• DCGM in incident mode at 250 ms, switched on by an alert webhook,
• eBPF in continuous collection on critical syscalls (no sampling, the overhead is minimal),
• vLLM kept at 10 s, no faster path exists without patching.

A tail-based sampling policy that works in practice:

tail_sampling:
  decision_wait: 10s
  policies:
    - name: errors
      type: status_code
      status_code: { status_codes: [ERROR] }
    - name: slow_ttft
      type: latency
      latency: { threshold_ms: 2000 }
    - name: high_value_tenant
      type: string_attribute
      string_attribute:
        key: tenant
        values: [enterprise_a, enterprise_b]
    - name: baseline
      type: probabilistic
      probabilistic: { sampling_percentage: 5 }

This keeps every error, every slow TTFT, every trace from high-value tenants and a 5 % baseline of normal traffic.

Time origin

Server-side TTFT is not what the user feels. Streaming, proxy buffering, HTTP buffer flushes and WAN traversal all change the perceived value. Measure also:

• gateway-side TTFT (Envoy upstream_rq_time or equivalent),
• client-side TTFT where possible (SDK instrumentation).

Without these, you optimize a number that does not reflect the experience. The gap between engine TTFT and gateway TTFT is also a useful health signal in itself, a sudden divergence usually means a proxy buffering regression.

SLO design for LLM serving

Standard SRE SLO patterns need adjustment for LLM serving. A defensible starting set:

SLO	Definition	Why
TTFT availability	p95 TTFT below threshold over rolling window	Streaming UX collapses without it.
ITL stability	p95 ITL below threshold	Decode stalls feel worse than a long initial wait.
Completion success	success rate of requests that produce at least one token	Hard failure metric.
Streaming completeness	percentage of streams that emit finish_reason=stop (not length, not error)	Quality proxy.
Capacity headroom	p95 queue depth below a threshold	Forward-looking, drives autoscaling.

The thresholds depend on the model and workload. Chat: TTFT p95 under 1 s, ITL p95 under 80 ms. RAG: TTFT p95 under 3 s, ITL p95 under 50 ms (long outputs amplify ITL). Code completion: TTFT p95 under 500 ms, ITL p95 under 30 ms.

Express them as multi-window multi-burn-rate alerts on the underlying SLI series, not as single-threshold alerts. The Google SRE workbook formulas apply unchanged.

Reference pile

Components:

Role	Recommended	Alternative
Metrics	VictoriaMetrics cluster with vmagent	Prometheus with Thanos or Mimir
Logs	VictoriaLogs	Loki, OpenSearch
Traces	Tempo, Jaeger	SaaS (Honeycomb, Datadog)
Application collection	OTel collector (agent and gateway)	Vector, Fluent Bit
GPU collection	DCGM exporter (DaemonSet)	nvidia_gpu_exporter (legacy)
eBPF	Tetragon, Pixie	Falco
Visualization	Grafana	Perses

OTel collector pipeline (agent)

receivers:
  prometheus:
    config:
      scrape_configs:
        - job_name: vllm
          scrape_interval: 10s
          static_configs:
            - targets: ['localhost:8000']
        - job_name: dcgm
          scrape_interval: 5s
          static_configs:
            - targets: ['localhost:9400']
  otlp:
    protocols:
      grpc:
        endpoint: 0.0.0.0:4317

processors:
  batch:
    timeout: 5s
  k8sattributes:
    auth_type: serviceAccount
    extract:
      metadata:
        - k8s.pod.name
        - k8s.namespace.name
        - k8s.node.name
      labels:
        - tag_name: app
          key: app
          from: pod
        - tag_name: tenant
          key: tenant
          from: pod
  resource:
    attributes:
      - key: deployment.environment
        value: prod
        action: upsert
  tail_sampling:
    decision_wait: 10s
    policies:
      - name: errors
        type: status_code
        status_code: { status_codes: [ERROR] }
      - name: slow
        type: latency
        latency: { threshold_ms: 2000 }
      - name: baseline
        type: probabilistic
        probabilistic: { sampling_percentage: 5 }

connectors:
  spanmetrics:
    histogram:
      explicit:
        buckets: [10ms, 50ms, 100ms, 250ms, 500ms, 1s, 2s, 5s, 10s]
    dimensions:
      - name: gen_ai.system
      - name: gen_ai.request.model
      - name: tenant
    exemplars:
      enabled: true

exporters:
  prometheusremotewrite:
    endpoint: http://vmagent.observability.svc:8429/api/v1/write
    external_labels:
      cluster: prod-eu-west
  otlp/tempo:
    endpoint: tempo.observability.svc:4317
    tls:
      insecure: true

service:
  pipelines:
    metrics:
      receivers: [prometheus, spanmetrics]
      processors: [batch, k8sattributes, resource]
      exporters: [prometheusremotewrite]
    traces:
      receivers: [otlp]
      processors: [batch, k8sattributes, resource, tail_sampling]
      exporters: [otlp/tempo, spanmetrics]

The spanmetrics connector turns traces into low-cardinality histograms with exemplars, giving you click-through from metrics to traces without changing engine code.

Useful starter queries

TTFT p99 by model:

histogram_quantile(0.99,
  sum by (model, le) (
    rate(vllm:time_to_first_token_seconds_bucket[5m])
  )
)

Preemptions per second overlaid with cache occupation:

rate(vllm:num_preemptions_total[1m])

Effective tensor core utilization per GPU:

avg by (gpu) (DCGM_FI_PROF_PIPE_TENSOR_ACTIVE)

Tokens per GPU-second (efficiency):

sum by (gpu) (rate(vllm:generation_tokens_total[5m]))
/
count by (gpu) (DCGM_FI_DEV_GPU_UTIL)

Normalized TGI queue pressure:

tgi_queue_size / on(instance) tgi_batch_current_size

Cost per hour per tenant:

sum by (tenant) (
  rate(vllm:generation_tokens_total[1h]) * 3600
) * on(model) group_left cost_per_generation_token_eur

Alerting that does not lie

Alerts on inference servers should fire on user-visible degradation, not on resource thresholds. A working starter set:

TTFT burn-rate (multi-window).

- alert: VLLMTTFTBudgetFastBurn
  expr: |
    (
      sum by (model) (rate(vllm:time_to_first_token_seconds_bucket{le="1.0"}[5m]))
      /
      sum by (model) (rate(vllm:time_to_first_token_seconds_count[5m]))
    ) < 0.95
    and
    (
      sum by (model) (rate(vllm:time_to_first_token_seconds_bucket{le="1.0"}[1h]))
      /
      sum by (model) (rate(vllm:time_to_first_token_seconds_count[1h]))
    ) < 0.95
  for: 2m
  labels:
    severity: page

Cache thrash detector.

- alert: VLLMCacheThrash
  expr: |
    vllm:gpu_cache_usage_perc > 0.95
    and
    rate(vllm:num_preemptions_total[2m]) > 0.5
  for: 5m
  labels:
    severity: ticket

Tensor core idle under load.

- alert: GPUTensorIdleUnderLoad
  expr: |
    avg_over_time(DCGM_FI_PROF_PIPE_TENSOR_ACTIVE[10m]) < 0.2
    and
    vllm:num_requests_running > 4
  for: 10m
  labels:
    severity: ticket

This last alert catches the case where the engine reports work in flight but the tensor cores are idle. The usual cause is a stalled NCCL collective or a CPU-bound bottleneck before the GPU.

Streaming completion regression.

- alert: VLLMStreamingTruncations
  expr: |
    (
      sum by (model) (rate(vllm:request_success_total{finish_reason="length"}[10m]))
      /
      sum by (model) (rate(vllm:request_success_total[10m]))
    ) > 0.1
  for: 15m
  labels:
    severity: ticket

When more than 10 % of requests stop on length, either max_tokens is too low for the use case or quality has regressed.

Avoid alerting directly on queue depth or GPU utilization. Both vary widely under healthy load. They are diagnostic, not actionable.

Anti-patterns

To review every quarter:

• Treating DCGM_FI_DEV_GPU_UTIL as utilization. The right read is DCGM_FI_PROF_PIPE_TENSOR_ACTIVE.
• Tuning batching against mean latency. Tail latency and queue depth tell the truth.
• Labeling metrics by request_id. That belongs to traces.
• Measuring latency only at the engine. Add the gateway, add the client where possible.
• Capturing prompts and outputs in traces without an active PII filter.
• Counting "tokens" without separating prompt and generation. Pricing is asymmetric, batching capacity is asymmetric.
• Leaving cuPTI and NCCL_DEBUG=INFO on in production. Measurable overhead, biased measurements.
• Sampling traces uniformly. Tail-based sampling with rules for errors, slow requests and high-value tenants catches more value at lower volume.
• Storing everything at maximum resolution. Cardinality cost explodes before retention cost.
• Building alerts on resource thresholds. Alert on user-visible SLOs, treat resource metrics as diagnostic.

Maturity ladder

Where teams typically stand and where to move next.

Level 0: nothing specific. Generic node and pod metrics. No idea how the engine is doing. Move to level 1 by scraping the engine's /metrics.

Level 1: engine metrics only. vLLM or TGI metrics scraped, basic dashboard. Sufficient for an initial deployment, blind to hardware-rooted issues. Move to level 2 by adding DCGM and pod-to-GPU mapping.

Level 2: engine plus GPU correlated. Most pragmatic teams stop here. Resolves 70 % of incidents in practice. Move to level 3 when multi-tenant pressure starts and when latency complaints exceed throughput complaints.

Level 3: distributed tracing with GenAI semconv. Per-request visibility, exemplar-driven debugging, tenant-aware SLOs. Required at scale. Move to level 4 for regulated workloads and HPC fabrics.

Level 4: kernel and fabric depth. eBPF policies in alerting paths, NCCL and InfiniBand observability, audit-grade logging with retention policies, confidential computing where applicable. Required for regulated industries, sovereign deployments and large-scale training-adjacent serving.

Move one level at a time. Skipping levels produces dashboards no one trusts.

Where to go next

Three topics deserve their own articles:

1. KV cache observability: eviction, fragmentation, swap. Native metrics, stress experiments, mitigations.
2. NCCL and tensor parallelism: observing inter-GPU flows and finding the collective that stalls the batch.
3. Securing an inference server: attack surface, eBPF detection, sandboxing, AI Act audit trail.

The right implementation order in production:

1. Inference engine metrics (vLLM, TGI native scrape).
2. GPU metrics (DCGM exporter).
3. Distributed tracing with OTel GenAI semconv.
4. Structured logs with trace_id and request_id.
5. Business and cost layer.
6. eBPF policies for security and runtime observability.
7. NCCL and cuPTI on demand for hard-to-reproduce issues.

Starting with layers 1 and 2 alone resolves most of the incidents observed in production. Everything above that compounds value once the base is solid.

---

Corrections and operational war stories welcome.