Loki vs Elasticsearch
Logging.
Loki strengths
Cost. Loki indexes labels only, not log content. Log data is stored on cheap object storage (S3, GCS). Typical cost: $1-5 per GB/month versus Elasticsearch's $20-50.
Operational simplicity. No shard management, no node tuning, no snapshot complexity. Loki's stateless query layer scales horizontally.
Tight Grafana integration. Loki and Grafana share the same vendor; query language (LogQL) mirrors PromQL. Native for Grafana-stack shops.
Elasticsearch strengths
Full-text search. Free-form queries across all log fields. Loki matches efficiently only on labels; content searches have to scan the log data.
Mature ecosystem. Kibana, Beats, Logstash, ML features. Long history, broad community, many integrations.
Aggregation power. Complex aggregations across structured fields. Useful for analytics-style queries on log data.
How to decide
K8s-heavy, Grafana-stack, cost-sensitive: Loki. The standard combination; ecosystem is converging here.
Heavy full-text search needs, mature Elastic operations: Elasticsearch. Don't migrate without a clear pain.
Compliance or specific Kibana feature requirements: Elasticsearch. Some industry-specific tooling assumes Elastic.
Hybrid approaches
Loki for hot/recent logs. Elasticsearch for full-text search on a sampled subset.
Higher operational complexity; only worth it for specific requirements. Most teams pick one and stick with it.
Migration is real work. Query logic, dashboards, and alerting all have to be rewritten. Don't switch without strong justification.
Common pitfalls
Loki with high-cardinality labels. Defeats the cost model. Stick to bounded label sets; log fields go in content, not labels.
Elasticsearch without index lifecycle management. Old indices accumulate; storage explodes. ILM policies are mandatory.
Migrating without first deeply understanding the new tool. Cargo-culting Loki because Grafana said so produces unhappy teams; same for Elastic.
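To make the high-cardinality label pitfall above concrete, the following added example (not code from the original page or from the Loki project) counts how many streams a candidate label set would create and separates bounded fields from ones that belong in log content. The sample records, field names, and the MAX_VALUES threshold are constructed assumptions.

```python
"""Estimate the Loki stream count a candidate label set would create."""
from collections import defaultdict

# Constructed sample of parsed JSON log records (not real data).
SAMPLE = [
    {"app": ("api", "worker")[i % 2], "env": "prod",
     "level": ("info", "warn", "error")[i % 3],
     "user_id": f"u-{i % 40}", "trace_id": f"t-{i}"}
    for i in range(120)
]
CANDIDATES = ["app", "env", "level", "user_id", "trace_id"]
MAX_VALUES = 10  # assumed per-label budget; tune to your own limits


def label_cardinality(records, labels):
    """Return {label: number of distinct values observed}."""
    seen = defaultdict(set)
    for rec in records:
        for name in labels:
            if name in rec:
                seen[name].add(rec[name])
    return {name: len(seen[name]) for name in labels}


def stream_count(records, labels):
    """Every unique combination of label values is a separate stream."""
    return len({tuple(rec.get(name) for name in labels) for rec in records})


def split_labels(records, candidates, max_values=MAX_VALUES):
    """Keep bounded fields as labels; the rest stay in the log line."""
    card = label_cardinality(records, candidates)
    keep = [n for n in candidates if card[n] <= max_values]
    demote = [n for n in candidates if card[n] > max_values]
    return keep, demote


if __name__ == "__main__":
    keep, demote = split_labels(SAMPLE, CANDIDATES)
    print("cardinality:", label_cardinality(SAMPLE, CANDIDATES))
    print("streams with every field as a label:", stream_count(SAMPLE, CANDIDATES))
    print("streams with bounded labels only:", stream_count(SAMPLE, keep))
    # Demoted fields are still searchable at query time, for example:
    #   {app="api"} | json | user_id="u-7"
    print("keep in log content:", demote)
```

Run it against a representative sample of your own parsed logs before settling on a label set; the stream count grows with every distinct combination of label values, not with log volume.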