AOE Technology Radar

Loki

devops
Adopt

After having very positive experiences, we decided to replace our ELK stacks with Loki, primarily for the following reasons:

  • Loki is significantly more cost-effective than the ELK stack because it avoids the storage requirements of Elasticsearch.
  • The PromQL-like query language, familiar to users of Prometheus, makes it easier for DevOps and SRE teams who already use Prometheus for monitoring to work with logs.
  • Loki's native integration with Kubernetes simplifies the setup and configuration process.
  • Loki typically requires less maintenance and overhead compared to ELK.

Trial

Updated to adopt.

Trial

Archiving indexed log data with a system like Elasticsearch can be expensive, and archiving it as simple text files makes it hard to query. Loki solves this issue by keeping a reference database, based on Kubernetes labels, for each log line (similar to Prometheus), while holding the log data itself in simple blob storage like S3. This allows the user to query the data by pre-defined labels and keeps the cost of indexing low.

Another benefit is that Loki does not have an endpoint for mutating log data, which makes the data immutable from the point of view of a potentially compromised system.
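The label index plus blob storage design described above, as a simplified Python model added here for illustration; it is not Loki's code or AOE's, and the class name, labels and log lines are constructed. It shows that the index grows with the number of distinct label pairs rather than with the number of log lines, and that the write path only appends.

```python
import gzip
from collections import defaultdict


class LabelIndexedStore:
    """Toy model (assumption, not Loki's implementation): a small label index
    in front of append-only compressed chunks that stand in for S3 objects."""

    def __init__(self):
        self.index = defaultdict(set)    # (label, value) -> set of stream ids
        self.chunks = defaultdict(list)  # stream id -> list of gzip blobs

    def push(self, labels, lines):
        """Append lines to the stream named by its label set.
        There is deliberately no update or delete method."""
        stream_id = tuple(sorted(labels.items()))
        for pair in stream_id:
            self.index[pair].add(stream_id)
        self.chunks[stream_id].append(gzip.compress("\n".join(lines).encode()))
        return stream_id

    def query(self, selector, contains=""):
        """Resolve the label selector through the index, then scan only
        the chunks of matching streams for the substring filter."""
        candidates = None
        for pair in selector.items():
            ids = self.index.get(pair, set())
            candidates = ids if candidates is None else candidates & ids
        hits = []
        for stream_id in sorted(candidates or ()):
            for blob in self.chunks[stream_id]:
                for line in gzip.decompress(blob).decode().split("\n"):
                    if contains in line:
                        hits.append((dict(stream_id), line))
        return hits

    def index_entries(self):
        """Number of index keys: one per distinct label pair, not per line."""
        return len(self.index)


def demo():
    """Build a store from constructed sample log lines."""
    store = LabelIndexedStore()
    auth = {"namespace": "prod", "app": "auth"}
    store.push(auth, ["login ok user=alice", "login failed user=bob"])
    store.push(auth, ["login failed user=carol"])
    store.push({"namespace": "prod", "app": "shop"}, ["order 17 failed"])
    return store
```

Log content is only searchable after a label selector has narrowed the set of chunks to read, which is why the choice of labels determines both query cost and index size.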

We at AOE are using it for longer-term log archiving in several Kubernetes clusters.