How To

Vercel Monitoring: 6 Failure Modes Behind a Green Deploy

A green deploy is not a healthy production. This Vercel monitoring guide maps the six failure modes that hide behind a passing build: failed and stuck deployments, env var drift between Preview and Production, runtime function errors and cold-start latency, ISR cache surprises, domain and certificate breakage, and usage spikes that become bill spikes. For each, learn where the signal lives — deployment view, runtime logs, or the Observability tab — plus one copy-pasteable inspection step and realistic triage time ranges. Part one of our Vercel monitoring series.

·
vercelobservabilitydeploymentsmonitoringnextjsdevops
Cover Image for Vercel Monitoring: 6 Failure Modes Behind a Green Deploy

Vercel Monitoring: 6 Failure Modes Behind a Green Deploy

The deploy finished. The dashboard showed a green checkmark, the preview URL looked fine, everyone moved on. Forty minutes later a customer in Sydney reported checkout errors — production had been returning 500s from one region since the promotion, and the first anyone heard about it was a support ticket.

That gap is what Vercel monitoring is actually about. Vercel abstracts away servers, but it doesn't abstract away failure — it just moves failure into places many teams never look: build logs, runtime function logs, cache headers, DNS records, and a usage page that only gets opened when the invoice arrives. The platform tells you a deployment succeeded; it doesn't tell you the deployment works.

This guide walks through the six things that most commonly go wrong on Vercel projects, where each one surfaces (deployment view, runtime logs, or the Observability tab), one concrete inspection step for each, and how long triage typically takes when you know where to look.

This is part one of a three-part series. Part two is a hands-on guide to Vercel triage with native tools only — CLI, log drains, checks, and rollbacks. Part three covers putting an AI agent on top of your Vercel deployments and logs.

1. Failed and stuck deployments

What it looks like. A push to main and no new production deployment. Either the build errored — a type error that only reproduces with production env vars, a dependency that resolves differently in Vercel's build container, an next build out-of-memory kill — or the deployment sits in Building or Queued far longer than usual, often because concurrent builds are saturated on your plan.

Where it shows up. The project's Deployments view in the dashboard, with the full build output under the failed deployment's Build Logs. From a terminal:

vercel ls                       # recent deployments and their states
vercel inspect <deployment-url> --logs   # full build log for one deployment

One inspection step. Read the build log bottom-up. Vercel prints the failing command's exit output last; the actual error is almost always within the final 30 lines, above the Error: Command "next build" exited with 1 line. Vercel's build troubleshooting guide lists the common exit reasons.

Typical triage time. 5–15 minutes when the build log states the error plainly; 30–60 minutes when the build passes locally and fails only in Vercel's environment — that case is usually failure mode #2.

2. Environment variable drift between environments

What it looks like. The classic: works in preview, breaks in production. Vercel keeps separate variable sets for Development, Preview, and Production, so a variable added during a feature branch quietly never gets a production value. The failure often isn't a build error — it's a runtime 500 on the first request that touches the missing key, or worse, an app silently pointed at a staging database.

Where it shows up. Nowhere proactive. It shows up as runtime errors in the logs (mode #3) unless you diff the environments yourself under Settings → Environment Variables.

One inspection step. Compare the lists per environment:

vercel env ls production
vercel env ls preview

Any variable present in preview but missing from production is a candidate for the failure you're chasing. See the environment variables docs for how targeting works, including branch-specific values — another common drift source.

Typical triage time. 2 minutes once you suspect it. Hours when you don't, because the error message ("cannot read properties of undefined") points at your code, not your config.

3. Runtime function errors and cold-start latency

What it looks like. The deploy is green because nothing at build time was wrong. Then real traffic hits a serverless function: an unhandled exception on a specific input, an upstream API timeout, or FUNCTION_INVOCATION_TIMEOUT on a route that occasionally exceeds its duration limit. Separately, p99 latency spikes that users describe as "sometimes it just hangs" are frequently cold starts — a function with a large bundle or many dependencies can add noticeable startup time to the first request after idle.

Where it shows up. The project's Logs tab shows runtime output with level and route filters; the Observability tab aggregates error rate, invocation counts, and duration percentiles per route (observability docs). From the CLI:

vercel logs <deployment-url>

Given a deployment URL, vercel logs follows the stream live — each invocation for up to five minutes; run it bare in a linked repo to query request logs from the last 24 hours. Anything older than your plan's short retention window is gone unless you configured a log drain (covered in part two).

One inspection step. In Observability, sort routes by error count for the window since your last deploy. If one route dominates and its first error timestamp matches a deployment, you have your suspect commit. For latency, compare a route's p75 against its p99 — a wide gap with a low invocation rate is the cold-start signature; a uniformly slow route is your code or an upstream.

Typical triage time. 10–30 minutes for a crashing route with clear stack traces; half a day for intermittent timeouts, because you're reconstructing behavior from whatever logs happened to be retained.

4. ISR and cache behavior surprises

What it looks like. Content that should have updated didn't — a price change that shipped an hour ago still shows the old value for some users — or the inverse, a page you believed was static is rendering on every request and burning function invocations. Incremental Static Regeneration serves stale content by design while revalidating in the background (ISR docs), which is excellent until nobody on the team remembers which pages carry which revalidate interval.

Where it shows up. Not in any error log — nothing is failing. The truth is in the response headers.

One inspection step. Ask the edge directly:

curl -sI https://your-site.com/pricing | grep -i x-vercel-cache

HIT means served from cache, STALE means served stale while revalidating, MISS and BYPASS mean the request went to your function. A page that should be static returning MISS on repeated requests means something — a cookie read, a dynamic export, an uncached fetch — opted it out of caching.

Typical triage time. 5 minutes to confirm cache state with headers; longer to find which code path opted the route out, since Next.js can switch a route to dynamic rendering from deep inside a component tree.

5. Domain and certificate issues

What it looks like. The apex domain works and www doesn't, or vice versa; a certificate renewal silently fails and browsers start warning users; a DNS change at the registrar breaks the pointing that made everything work. These issues are rare per-project but severe when they hit, because they take down the site while every deployment stays perfectly green.

Where it shows up. Settings → Domains in the project dashboard flags invalid configurations and pending certificates. From the CLI:

vercel certs ls
dig +short CNAME www.your-site.com

One inspection step. Check the domain's status in Settings → Domains first — Vercel states exactly what record it expects versus what it sees. The most common renewal blocker is a CAA DNS record that doesn't authorize Vercel's certificate authority; the domains troubleshooting docs cover the required records.

Typical triage time. 10 minutes to diagnose; anywhere from minutes to 48 hours to resolve, depending on DNS propagation and who controls the registrar account.

6. Usage spikes that become bill spikes

What it looks like. A crawler discovers your image-heavy catalog and image optimization transformations jump 40x. A middleware bug triggers an invocation loop. An ISR misconfiguration (mode #4) turns a static page into a function call per request. None of this pages anyone — it accrues quietly and arrives as an invoice several times your normal spend.

Where it shows up. The team-level Usage page breaks spend down by resource — function invocations and duration, edge requests, image optimization, data transfer — and the Observability tab shows which routes and assets drive it.

One inspection step. Enable Spend Management (Pro plans): set a monthly spend amount, get notified at thresholds, and optionally auto-pause the project when the cap is hit. Then look at Usage weekly, not monthly — a spike caught on day 2 is an annoyance; on day 28 it's a budget conversation.

Typical triage time. 15–30 minutes to identify the resource and route driving a spike. The expensive part is the days it ran before anyone looked.

The common thread: green isn't the same as healthy

Look back at the list: only one of the six failure modes (the failed build) is visible in the deployment status that teams actually watch. The other five hide in runtime logs that don't persist by default, headers nobody curls, environment diffs nobody runs, DNS records nobody rechecks, and a usage page nobody opens. Vercel gives you the signals — but scattered across five surfaces, and all of them pull-based. Someone has to go look.

That's workable at two deploys a week. At twenty deploys a week across a handful of projects, "someone goes and looks" is the monitoring strategy that produced the Sydney support ticket at the top of this article.

The next step is wiring these surfaces together yourself: part two covers exactly that with native tools only — CLI inspection workflows, log drains for persistence, deployment checks, webhooks, and instant rollbacks.

Make the signals come to you

Everything in this guide is pull-based; the fix is making it push-based — and adding judgment. CloudThinker agents connect to Vercel with a scoped read-only token, watch deployments and runtime errors continuously, and correlate a 500 spike with the deploy that introduced it — proposing a rollback or env fix for your approval instead of another dashboard to check. Try CloudThinker free — 100 premium credits, no card required — or continue with the DIY guide.