Skip to content

Instantly share code, notes, and snippets.

@akhan4u

akhan4u/kubernetes_logging.md

Last active August 12, 2025 04:19
Show Gist options
  • Save akhan4u/14d72f7900969ce1832d621c09fe261b to your computer and use it in GitHub Desktop.
Save akhan4u/14d72f7900969ce1832d621c09fe261b to your computer and use it in GitHub Desktop.
Download ZIP
kubernetes logging
Raw
kubernetes_logging.md 
flowchart TD
    A[Kubernetes Cluster] --> B[Metrics Collection]
    A --> C[Log Collection]

    %% Metrics Branch
    B --> D[Prometheus]
    B --> Z[VictoriaMetrics Stack]
    D --> E[Grafana]
    D --> F[Alertmanager]
    D --> G[Mimir]
    Z --> ZA[VictoriaMetrics]
    Z --> ZB[VMAlert]
    Z --> ZC[VMUI]
    Z --> ZD[Grafana]

    %% Log Branch
    C --> H[EFK Stack]
    C --> I[Loki]
    C --> J[Fluent Bit / Promtail / Vector]

    %% EFK Details
    H --> K[Fluentd]
    H --> L[Elasticsearch]
    H --> M[Kibana]

    %% Loki Details
    I --> N[Promtail]
    I --> O[Loki]
    I --> P[Grafana]

    %% Lightweight Alternatives
    J --> Q[File/S3 Storage]
    J --> R[Loki]
    J --> S[External/Cloud Solutions]

    %% Monitoring vs Logging
    B -.-> T[Use for Performance, Health, Alerts]
    C -.-> U[Use for Troubleshooting, Auditing, Compliance]

    %% User Actions
    E --> V[Query Metrics]
    F --> W[Get Alerts]
    M --> X[Query Logs]
    P --> Y[Query Logs]
    ZD --> V
    ZB --> W
    ZC --> V
    ZA --> ZC
    ZA --> ZB
Loading
@akhan4u
Copy link
Author

akhan4u commented Aug 12, 2025

Mimir is for metrics storage, not log storage.

  • Grafana Mimir is an open-source, horizontally scalable, long-term storage for Prometheus metrics.
  • It is designed to store, query, and manage time-series metric data (such as CPU, memory, HTTP requests, etc.), not logs.
  • For log storage, you should use Grafana Loki (which is Grafana’s solution for log aggregation and storage).

Summary:

  • Mimir → Metrics (Prometheus)
  • Loki → Logs

@akhan4u
Copy link
Author

akhan4u commented Aug 12, 2025

A popular lightweight alternative to Elasticsearch for log aggregation and storage in Kubernetes is Grafana Loki.

Why Loki?

  • Designed for Kubernetes: Loki integrates natively with Kubernetes and Prometheus.
  • Lightweight: Consumes far fewer resources than Elasticsearch.
  • Scalable: Easy to run in single-node or multi-node clusters.
  • Simple Indexing: Indexes only metadata, not log content, resulting in lower storage and better performance for typical log aggregation use cases.
  • Visualization: Integrates seamlessly with Grafana for querying and dashboarding.

Typical Stack

  • Loki: Log storage and aggregation.
  • Promtail (or Fluent Bit): Log collection and forwarding from Kubernetes nodes/pods.
  • Grafana: Visualization and querying.

Other Lightweight Alternatives

  • Fluent Bit + local filesystem/S3: Collect logs and store them in files or cloud object storage. Good for simple setups.
  • Vector: Log collection, transformation, and forwarding. Can be used to send logs to cloud storage, Loki, or other destinations.
  • LogDNA, Papertrail, or similar SaaS solutions: If you want managed log aggregation.

Summary Table

Solution Resource Usage Query Features Visualization Kubernetes Integration
Loki Low Good Grafana Excellent
Fluent Bit Low None (raw logs) External (S3, file) Good
Vector Low None External Good
Elasticsearch High Excellent Kibana Good

Recommendation:
For most Kubernetes log aggregation needs, especially in small or single-node K3s clusters, Loki is the best lightweight alternative to Elasticsearch.

@akhan4u
Copy link
Author

akhan4u commented Aug 12, 2025

Prometheus stack and EFK stack serve different purposes when it comes to Kubernetes logging and monitoring:

Prometheus Stack

  • Components: Prometheus (metrics collection), Alertmanager (alerts), Grafana (visualization).
  • Main Focus: Metrics (CPU, memory, latency, request counts, error rates, etc.).
  • Logging Support: Prometheus itself does not collect or store logs. It can scrape log-based metrics (e.g., via exporters or Loki), but it’s not a log aggregation solution.
  • Use Case: Monitoring cluster and application health, performance, and alerting.

EFK Stack (Elasticsearch, Fluentd, Kibana)

  • Components: Fluentd (log collector/forwarder), Elasticsearch (log indexing/storage), Kibana (log visualization/search).
  • Main Focus: Log collection, aggregation, storage, and querying.
  • Logging Support: Purpose-built for collecting application, system, and cluster logs.
  • Use Case: Centralized log management, troubleshooting, search, compliance.

Summary Table

Stack Main Purpose Logging Support Metric Support Visualization
Prometheus Metrics/Monitoring ❌ (not for logs) Grafana
EFK Log Aggregation/Search ❌ (not for metrics) Kibana

Which is More Suitable for Log Collection?

  • EFK stack is more suitable for log collection in a Kubernetes (including K3s) environment.
  • If you want centralized, searchable logs, use EFK (or its alternatives: ELK, Loki, etc.).
  • Prometheus stack is for metrics—not logs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment