Elasticsearch vs Loki

Overview

Elasticsearch

Stacks35.5K

Followers27.1K

Votes1.6K

Loki

Stacks552

Followers328

Votes17

GitHub Stars26.9K

Forks3.8K

Elasticsearch vs Loki: What are the differences?

Introduction

Elasticsearch and Loki are both open-source log aggregation systems, but they have some key differences in terms of their architecture, query language, and scalability.

Query Language: Elasticsearch uses a JSON-based query language called Query DSL, which provides a flexible and powerful way to search and filter data. On the other hand, Loki uses a label-based query language called LogQL, which is designed specifically for log data and allows users to filter logs based on their metadata labels.
Data Storage: Elasticsearch stores data in an inverted index, which allows for efficient full-text search and aggregations. It also supports sharding and replication, enabling horizontal scalability. In contrast, Loki stores logs as chunks of binary data in an object storage system like Amazon S3 or Google Cloud Storage. This approach optimizes for efficient storage and retrieval of log data.
Scalability: Elasticsearch is horizontally scalable and can handle large volumes of data by distributing it across multiple nodes in a cluster. It also supports data replication for high availability. Loki, on the other hand, is designed to be lightweight and horizontally scalable by leveraging object storage. It can handle high load but may require additional components like Grafana Tempo for distributed tracing.
Log Storage Lifetime: Elasticsearch is typically used for long-term log storage, allowing users to retain logs for extended periods of time. This makes it suitable for compliance or auditing purposes. Meanwhile, Loki is more focused on providing real-time log aggregation and analysis, with a shorter log storage lifetime. It prioritizes recent log data to provide real-time insights.
Log Structure: Elasticsearch is schemaless and can handle logs with varying structures. It automatically indexes log fields for efficient searching and filtering. On the other hand, Loki assumes that logs have a consistent structure and does not automatically index log fields. It relies on labels for querying and filtering log data.
Integration with Ecosystem: Elasticsearch is part of the Elastic Stack, which includes tools like Logstash and Kibana. Logstash provides log ingestion and transformation capabilities, while Kibana offers a visual interface for log exploration and analysis. Loki is part of the Grafana ecosystem, integrating seamlessly with Grafana for log visualization and analysis.

In summary, Elasticsearch and Loki differ in their query languages, data storage mechanisms, scalability approaches, log storage lifetimes, log structure assumptions, and integration with their respective ecosystems.

Share your Stack

Help developers discover the tools you use. Get visibility for your team's tech choices and contribute to the community's knowledge.

View Docs

CLI (Node.js)

Manual

Advice on Elasticsearch, Loki

Rana Usman

Chief Technology Officer at TechAvanza

Jun 4, 2020

Needs adviceon

Firebase

Elasticsearch

Algolia

Hey everybody! (1) I am developing an android application. I have data of around 3 million record (less than a TB). I want to save that data in the cloud. Which company provides the best cloud database services that would suit my scenario? It should be secured, long term useable, and provide better services. I decided to use Firebase Realtime database. Should I stick with Firebase or are there any other companies that provide a better service?

(2) I have the functionality of searching data in my app. Same data (less than a TB). Which search solution should I use in this case? I found Elasticsearch and Algolia search. It should be secure and fast. If any other company provides better services than these, please feel free to suggest them.

Thank you!

408k views408k

Comments

Detailed Comparison

Elasticsearch	Loki
Elasticsearch is a distributed, RESTful search and analytics engine capable of storing data and searching it in near real time. Elasticsearch, Kibana, Beats and Logstash are the Elastic Stack (sometimes called the ELK Stack).	Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be very cost effective and easy to operate, as it does not index the contents of the logs, but rather a set of labels for each log stream.
Distributed and Highly Available Search Engine;Multi Tenant with Multi Types;Various set of APIs including RESTful;Clients available in many languages including Java, Python, .NET, C#, Groovy, and more;Document oriented;Reliable, Asynchronous Write Behind for long term persistency;(Near) Real Time Search;Built on top of Apache Lucene;Per operation consistency;Inverted indices with finite state transducers for full-text querying;BKD trees for storing numeric and geo data;Column store for analytics;Compatible with Hadoop using the ES-Hadoop connector;Open Source under Apache 2 and Elastic License	-
Statistics
GitHub Stars -	GitHub Stars 26.9K
GitHub Forks -	GitHub Forks 3.8K
Stacks 35.5K	Stacks 552
Followers 27.1K	Followers 328
Votes 1.6K	Votes 17
Pros & Cons
Pros 329 Powerful api 315 Great search engine 231 Open source 214 Restful 200 Near real-time search Cons 7 Resource hungry 6 Diffecult to get started 5 Expensive 4 Hard to keep stable at large scale	Pros 5 Opensource 3 Very fast ingestion 3 Near real-time search 2 Low resource footprint 2 REST Api
Integrations
Kibana Beats Logstash	Grafana Kubernetes Docker Helm

What are some alternatives to Elasticsearch, Loki?

Algolia

Our mission is to make you a search expert. Push data to our API to make it searchable in real time. Build your dream front end with one of our web or mobile UI libraries. Tune relevance and get analytics right from your dashboard.

Typesense

It is an open source, typo tolerant search engine that delivers fast and relevant results out-of-the-box. has been built from scratch to offer a delightful, out-of-the-box search experience. From instant search to autosuggest, to faceted search, it has got you covered.

Amazon CloudSearch

Amazon CloudSearch enables you to search large collections of data such as web pages, document files, forum posts, or product information. With a few clicks in the AWS Management Console, you can create a search domain, upload the data you want to make searchable to Amazon CloudSearch, and the search service automatically provisions the required technology resources and deploys a highly tuned search index.

Seq

Seq is a self-hosted server for structured log search, analysis, and alerting. It can be hosted on Windows or Linux/Docker, and has integrations for most popular structured logging libraries.

Amazon Elasticsearch Service

Amazon Elasticsearch Service is a fully managed service that makes it easy for you to deploy, secure, and operate Elasticsearch at scale with zero down time.

Manticore Search

It is a full-text search engine written in C++ and a fork of Sphinx Search. It's designed to be simple to use, light and fast, while allowing advanced full-text searching. Connectivity is provided via a MySQL compatible protocol or HTTP, making it easy to integrate.

Azure Search

Azure Search makes it easy to add powerful and sophisticated search capabilities to your website or application. Quickly and easily tune search results and construct rich, fine-tuned ranking models to tie search results to business goals. Reliable throughput and storage provide fast search indexing and querying to support time-sensitive search scenarios.

Swiftype

Swiftype is the easiest way to add great search to your website or mobile application.

MeiliSearch

It is a powerful, fast, open-source, easy to use, and deploy search engine. The search and indexation are fully customizable and handles features like typo-tolerance, filters, and synonyms.

Quickwit

It is the next-gen search & analytics engine built for logs. It is designed from the ground up to offer cost-efficiency and high reliability on large data sets. Its benefits are most apparent in multi-tenancy or multi-index settings.

Related Comparisons

Elasticsearch vs Loki: What are the differences?

Introduction

Elasticsearch and Loki are both open-source log aggregation systems, but they have some key differences in terms of their architecture, query language, and scalability.

Query Language: Elasticsearch uses a JSON-based query language called Query DSL, which provides a flexible and powerful way to search and filter data. On the other hand, Loki uses a label-based query language called LogQL, which is designed specifically for log data and allows users to filter logs based on their metadata labels.
Data Storage: Elasticsearch stores data in an inverted index, which allows for efficient full-text search and aggregations. It also supports sharding and replication, enabling horizontal scalability. In contrast, Loki stores logs as chunks of binary data in an object storage system like Amazon S3 or Google Cloud Storage. This approach optimizes for efficient storage and retrieval of log data.
Scalability: Elasticsearch is horizontally scalable and can handle large volumes of data by distributing it across multiple nodes in a cluster. It also supports data replication for high availability. Loki, on the other hand, is designed to be lightweight and horizontally scalable by leveraging object storage. It can handle high load but may require additional components like Grafana Tempo for distributed tracing.
Log Storage Lifetime: Elasticsearch is typically used for long-term log storage, allowing users to retain logs for extended periods of time. This makes it suitable for compliance or auditing purposes. Meanwhile, Loki is more focused on providing real-time log aggregation and analysis, with a shorter log storage lifetime. It prioritizes recent log data to provide real-time insights.
Log Structure: Elasticsearch is schemaless and can handle logs with varying structures. It automatically indexes log fields for efficient searching and filtering. On the other hand, Loki assumes that logs have a consistent structure and does not automatically index log fields. It relies on labels for querying and filtering log data.
Integration with Ecosystem: Elasticsearch is part of the Elastic Stack, which includes tools like Logstash and Kibana. Logstash provides log ingestion and transformation capabilities, while Kibana offers a visual interface for log exploration and analysis. Loki is part of the Grafana ecosystem, integrating seamlessly with Grafana for log visualization and analysis.

Elasticsearch vs Loki

Overview

Elasticsearch vs Loki: What are the differences?