Set Up Loki

Cheap logs.

Overview

Loki is Grafana’s log aggregation system, designed around a deliberately narrow indexing strategy: index labels, not content. Storage stays cheap because raw log lines live in object storage; queries stay fast because the label index is small. The discipline that matters most is keeping label cardinality under control.

• Cheap retention via object storage. S3 or GCS holds the log content. Per-GB cost is a fraction of Elasticsearch on EBS.
• Label-based indexing. Service, namespace, level, region. Fast filter on those; full-text search on the result.
• LogQL query language. PromQL-style syntax with log-specific extensions. Teams already fluent in Prometheus pick it up quickly.
• Grafana integration plus Promtail or Vector. First-class data source in Grafana alongside metrics and traces; Promtail or Vector for log shipping.

The approach

Three habits keep Loki cheap and fast: monolithic mode to start, S3-backed storage from day one, and ruthless label discipline so cardinality stays under control.

• Monolithic mode to start. Single binary handles ingest and query for small deployments. Microservices mode follows when scale demands.
• S3-backed storage. Object storage for log content. The cost story only works with cheap object storage.
• Promtail or Vector for shipping. Promtail for Kubernetes-native; Vector for richer transforms. Both are standard.
• Label cardinality discipline plus documented config. Service, namespace, level, region only. High-cardinality fields like user ID stay out of labels and inside the log line.

Why this compounds

Each shipped service grows the team’s log visibility while keeping costs predictable. LogQL fluency compounds with PromQL fluency; the same Grafana dashboards now blend metrics, logs, and traces.

• Cost efficiency. S3 retention is dramatically cheaper than indexed retention. Years of logs become affordable.
• Unified observability UI. Logs alongside metrics and traces in Grafana. Investigations stop bouncing between tools.
• Reusable patterns. Standard collector configs and label conventions transfer between clusters.
• Year-one investment, year-two habit. First install is investment. By year two, onboarding a new service is a 30-minute task.