Technology RadarTechnology Radar

Loki

devops
This item was not updated in last three versions of the Radar. Should it have appeared in one of the more recent editions, there is a good chance it remains pertinent. However, if the item dates back further, its relevance may have diminished and our current evaluation could vary. Regrettably, our capacity to consistently revisit items from past Radar editions is limited.
Adopt

After having very positive experiences, we decided to replace our ELK stacks with Loki, primarily for the following reasons:

  • Loki is significantly more cost-effective than the storage requirements of Elasticsearch used in the ELK stack.
  • The PromQL-like query language, familiar to users of Prometheus, makes it easier for DevOps and SRE teams who already use Prometheus for monitoring to work with logs.
  • Loki's native integration with Kubernetes simplifies the setup and configuration process.
  • Loki typically requires less maintenance and overhead compared to ELK.
Trial

Updated to adopt.

Trial

Archiving indexed log data with a system like Elasticsearch can be expensive and archiving it as simple text files makes it hard to query them. Loki solves this issue by adding a reference database based on Kubernetes labels to each log line similar to Prometheus, but holding the log data inside a simple blob storage like S3. This allows the user to query the data by pre-defined labels and keeps the costs for indexing low.

Another benefit is the fact that does not have an endpoint for mutating log data which makes the data immutable from a potential compromised system.

We at are using it for longer term log archiving in several Kubernetes clusters.