Logs

Logs

Introduction to Loki

Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be cost-effective and easy to operate. It does not index the contents of the logs, but rather a set of labels for each log stream.

Compared to other log aggregation systems, Loki:

  • Does not do full text indexing on logs. By storing compressed, unstructured logs and only indexing metadata, Loki is simpler to operate and cheaper to run.
  • Indexes and groups log streams using the same labels you’re already using with Prometheus, enabling you to seamlessly switch between metrics and logs using the same labels that you’re already using with Prometheus.
  • Is an especially good fit for storing Kubernetes Pod logs. Metadata such as Pod labels is automatically scraped and indexed.
  • Has native support in Grafana (needs Grafana v6.0+).

A Loki-based logging stack consists of three components:

  • promtail is the agent, responsible for gathering logs and sending them to Loki.
  • loki is the main server, responsible for storing logs and processing queries.
  • Grafana for querying and displaying the logs.

Loki is like Prometheus, but for logs: we prefer a multidimensional label-based approach to indexing, and want a single-binary, easy to operate system with no dependencies. Loki differs from Prometheus by focusing on logs instead of metrics, and delivering logs via push, instead of pull.

Next steps with Grafana Cloud Loki

Once you have Promtail running, continue with our usage docs on how to query your logs.

Documentation

Getting Help

If you have any questions or feedback regarding Loki:

Your feedback is always welcome.

Further Reading