Loki Vs. Elasticsearch For Log Aggregation

After yesterday’s post on sending Docker logs to Cloudwatch, I researched different log aggregation solutions, just to understand them.

I had been aware of the ELK stack – Elasticsearch, Logstash, Kibana, but didn’t know much about Loki by Grafana Labs.

Here’s a good article comparing the differences between the two.

The main difference between Loki and ELK is that Loki doesn’t index the full log content. It only indexes the metadata, i.e. the labels attached to the logs.

An example of a label is the host that emitted the log or the name of the service.

Not indexing the log contents keeps storage cost-efficient and label-based searching fast. However, it means that you can’t do full-text searches on the log contents the way you can with ELK.
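To make the trade-off concrete, here is an added toy model of the two indexing approaches. It is not code from this post, from Grafana Loki or from Elasticsearch; both index classes, the `compare` helper and the sample log lines (labelled `SAMPLE_LOGS`) are constructed for illustration. The Loki-style index keys only the label set of each stream, so a content filter such as "authentication failed" has to scan every line of the selected streams; the ELK-style inverted index maps every token to the lines containing it, so the same query is a posting-list intersection with no scanning, at the price of a far larger index.

```python
from collections import defaultdict
import re

# Constructed sample logs: (stream labels, line text). The host/service
# labels mirror the ones the post mentions; the line text is made up.
SAMPLE_LOGS = [
    ({"host": "web-1", "service": "nginx"}, "GET /login 200 12ms"),
    ({"host": "web-1", "service": "nginx"}, "POST /login 401 authentication failed for user alice"),
    ({"host": "web-2", "service": "nginx"}, "GET /healthz 200 1ms"),
    ({"host": "db-1", "service": "postgres"}, "connection authorized user=app database=prod"),
    ({"host": "db-1", "service": "postgres"}, "FATAL password authentication failed for user app"),
    ({"host": "web-2", "service": "sshd"}, "Failed password for invalid user admin from 203.0.113.7"),
]

TOKEN_RE = re.compile(r"[a-z0-9]+")


def tokenize(text):
    """Lower-cased word tokens, roughly what a full-text analyzer produces."""
    return set(TOKEN_RE.findall(text.lower()))


class LabelIndex:
    """Loki-style (simplified): only the label set of each stream is indexed.
    Line text is stored unindexed and must be scanned at query time."""

    def __init__(self, logs):
        self.streams = defaultdict(list)  # frozenset(labels) -> [line ids]
        self.lines = [text for _, text in logs]
        for i, (labels, _) in enumerate(logs):
            self.streams[frozenset(labels.items())].append(i)

    def index_entries(self):
        return len(self.streams)

    def query(self, selector, needle):
        """selector: label=value pairs that must all match a stream.
        needle: substring filter applied by scanning each selected line.
        Returns (matching line ids, number of lines scanned)."""
        wanted = set(selector.items())
        hits, scanned = [], 0
        for labels, ids in self.streams.items():
            if not wanted <= labels:
                continue  # stream excluded by the label index, never scanned
            for i in ids:
                scanned += 1
                if needle.lower() in self.lines[i].lower():
                    hits.append(i)
        return sorted(hits), scanned


class FullTextIndex:
    """ELK-style (simplified): inverted index from every token, label values
    included, to the ids of the lines containing it."""

    def __init__(self, logs):
        self.postings = defaultdict(set)
        for i, (labels, text) in enumerate(logs):
            for k, v in labels.items():
                self.postings[f"{k}:{v}"].add(i)
            for tok in tokenize(text):
                self.postings[tok].add(i)

    def index_entries(self):
        # One entry per (token, line) pair: this is the storage the post
        # says Loki avoids by not indexing content.
        return sum(len(ids) for ids in self.postings.values())

    def query(self, selector, phrase):
        """Term query: intersect the posting lists of all label terms and all
        words of the phrase. No line is read; returns (ids, lines scanned)."""
        terms = [f"{k}:{v}" for k, v in selector.items()] + sorted(tokenize(phrase))
        result = None
        for t in terms:
            ids = self.postings.get(t, set())
            result = ids if result is None else result & ids
        return sorted(result or []), 0


def compare(selector, text, logs=SAMPLE_LOGS):
    """Run the same query against both models and report the cost of each."""
    label_idx, full_idx = LabelIndex(logs), FullTextIndex(logs)
    l_hits, l_scanned = label_idx.query(selector, text)
    f_hits, f_scanned = full_idx.query(selector, text)
    return {
        "label_index_entries": label_idx.index_entries(),
        "fulltext_index_entries": full_idx.index_entries(),
        "label_hits": l_hits, "label_lines_scanned": l_scanned,
        "fulltext_hits": f_hits, "fulltext_lines_scanned": f_scanned,
    }


if __name__ == "__main__":
    for sel, text in [({"service": "nginx"}, "authentication failed"),
                      ({}, "failed")]:
        print(sel, repr(text), compare(sel, text))
```

Narrowing the label selector is what keeps the Loki-style query cheap: with `{"service": "nginx"}` only three lines are scanned, while an unlabelled search for "failed" scans all six. The inverted index answers both without scanning but holds 52 entries for six lines versus four entries for the label index, which is the storage side of the trade-off described above.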

I recommend checking out the article linked above if you want more details.

For now, I’m sticking with Cloudwatch for my side project.
