Observer
Observer Agent

Probes vs scraping

Why the agent runs probes from inside your network instead of having the cloud scrape endpoints.

The classical observability pattern (Prometheus, Datadog, Grafana Cloud) is centralised scraping: a central system reaches out to your endpoints on a schedule and pulls metrics. Observer takes the inverse position: the agent runs in your network and pushes outcomes to the cloud. This page covers why.

The constraints scraping puts on you

Scraping requires the central system to reach every endpoint it measures. In practice this means at least one of:

  1. Public exposure of internal endpoints, sometimes with a reverse proxy or TLS-terminating load balancer purely to accept the scrape.
  2. A VPN or peering connection from the central system back into your network.
  3. A scraping agent inside your network that the central system pulls from (essentially shifting the same problem one hop).

Each option grows the network attack surface and the legal review surface. For organisations in regulated environments (PCI, HIPAA, defence, finance), opening any inbound path is a months-long compliance exercise.

The probe model

Observer's agent runs inside your network, hits its targets locally, and pushes the verdict to the cloud. No IP allowlist at your edge, no TLS-terminating proxy in front of internal endpoints, no reverse VPN. The exact request surface (which endpoints, which payloads, what stays put) is enumerated in Agent and cloud boundary.

The trade-off: collection happens in your network, so collection runs on your hardware. The agent is small (single process, roughly 40MB image, roughly 64MB RSS at idle) and runs anywhere a container can run.

When scraping is still preferable

When the targets are themselves SaaS systems with public scrape endpoints (a third-party API, a public DNS server, a hosted queue), the central system would have a clean path. Observer still uses the agent for these cases for one reason: a single configuration surface. Mixing "some metrics scraped centrally, some pushed from an agent" doubles the operator's mental model without an offsetting benefit. The agent runs the probe from wherever it sits and reports the result.

Was this page helpful?