github.com/yankunsam/loki/v2@v2.6.3-0.20220817130409-389df5235c27/docs/sources/fundamentals/overview/comparisons.md (about)

     1  ---
     2  title: Comparisons
     3  ---
     4  # Loki compared to other log systems
     5  
     6  ## Grafana Loki / Promtail / Grafana vs EFK
     7  
     8  The EFK (Elasticsearch, Fluentd, Kibana) stack is used to ingest, visualize, and
     9  query for logs from various sources.
    10  
    11  Data in Elasticsearch is stored on-disk as unstructured JSON objects. Both the
    12  keys for each object and the contents of each key are indexed. Data can then be
    13  queried using a JSON object to define a query (called the Query DSL) or through
    14  the Lucene query language.
    15  
    16  In comparison, Grafana Loki in single-binary mode can store data on-disk, but in
    17  horizontally-scalable mode data is stored in a cloud storage system such as S3,
    18  GCS, or Cassandra. Logs are stored in plaintext form tagged with a set of label
    19  names and values, where only the label pairs are indexed. This tradeoff makes it
    20  cheaper to operate than a full index and allows developers to aggressively log
    21  from their applications. Logs in Loki are queried using [LogQL](../../../logql).
    22  However, because of this design tradeoff, LogQL queries that filter based on
    23  content (i.e., text within the log lines) require loading all chunks within the
    24  search window that match the labels defined in the query.
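
A toy model of the tradeoff described above, as an added example (not Loki's code or storage format): `Chunk`, `Stream`, `SampleStore`, `Query` and the log lines are constructed for illustration. It shows that a content filter reads every chunk of every label-matched stream in the search window, so label matchers and the time range are what bound the cost of a search such as looking for one source address.

```go
package main

import (
	"fmt"
	"strings"
)

// Chunk is a block of plaintext log lines covering a time range (unix seconds).
type Chunk struct {
	From, To int64
	Lines    []string
}

// Stream is one label set plus its chunks; only Labels are indexed.
type Stream struct {
	Labels map[string]string
	Chunks []Chunk
}

// SampleStore returns constructed sample data (documentation IP ranges).
func SampleStore() []Stream {
	return []Stream{
		{map[string]string{"app": "sshd", "env": "prod"}, []Chunk{
			{0, 99, []string{"Failed password for root from 203.0.113.7"}},
			{100, 199, []string{"Accepted publickey for deploy"}}}},
		{map[string]string{"app": "nginx", "env": "prod"}, []Chunk{
			{0, 99, []string{"GET /login 401 203.0.113.7"}}}},
		{map[string]string{"app": "nginx", "env": "dev"}, []Chunk{
			{0, 99, []string{"GET / 200 198.51.100.2"}}}},
	}
}

// Query returns lines containing filter, plus the number of chunks loaded.
func Query(store []Stream, matchers map[string]string, filter string, from, to int64) ([]string, int) {
	var hits []string
	loaded := 0
streams:
	for _, s := range store {
		for k, v := range matchers {
			if s.Labels[k] != v {
				continue streams // excluded by the label index; no chunk is read
			}
		}
		for _, c := range s.Chunks {
			if c.To < from || c.From > to {
				continue // outside the search window
			}
			loaded++ // content is not indexed, so the whole chunk is scanned
			for _, l := range c.Lines {
				if strings.Contains(l, filter) {
					hits = append(hits, l)
				}
			}
		}
	}
	return hits, loaded
}

func main() {
	hits, n := Query(SampleStore(), map[string]string{"env": "prod"}, "203.0.113.7", 0, 199)
	fmt.Println(len(hits), "hits,", n, "chunks loaded")
}
```

Adding `app="sshd"` to the matchers and narrowing the window to 0-99 drops the same search from three loaded chunks to one.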
    25  
    26  Fluentd is usually used to collect and forward logs to Elasticsearch. Fluentd is
    27  called a data collector, which can ingest logs from many sources, process them, and
    28  forward them to one or more targets.
    29  
    30  In comparison, Promtail's use case is specifically tailored to Loki. Its main mode
    31  of operation is to discover log files stored on disk and forward them associated
    32  with a set of labels to Loki. Promtail can do service discovery for Kubernetes
    33  pods running on the same node as Promtail, act as a container sidecar or a
    34  Docker logging driver, read logs from specified folders, and tail the systemd
    35  journal.
    36  
    37  The way Loki represents logs by a set of label pairs is similar to how
    38  [Prometheus](https://prometheus.io) represents metrics. When deployed in an
    39  environment alongside Prometheus, logs from Promtail usually have the same
    40  labels as your applications' metrics thanks to using the same service
    41  discovery mechanisms. Having logs and metrics with the same labels enables users
    42  to seamlessly context switch between metrics and logs, helping with root cause
    43  analysis.
    44  
    45  Kibana is used to visualize and search Elasticsearch data and is very powerful
    46  for doing analytics on that data. Kibana provides many visualization tools to do
    47  data analysis, such as location maps, machine learning for anomaly detection,
    48  and graphs to discover relationships in data. Alerts can be configured to notify
    49  users when an unexpected condition occurs.
    50  
    51  In comparison, Grafana is tailored specifically towards time series data from
    52  sources like Prometheus and Loki. Dashboards can be set up to visualize metrics
    53  (log support coming soon) and an explore view can be used to make ad-hoc queries
    54  against your data. Like Kibana, Grafana supports alerting based on your metrics.