Slide 4 of 13

Elasticsearch

Elasticsearch: Full-text search and log analytics

What it’s for: Logs with complex search needs including security analytics, audit logging, and full-text search.

Trade-offs

ProsCons
Powerful full-text searchComplex to operate
Mature ecosystemHigher resource usage
Rich query capabilitiesMore expensive than Loki
Decades of developmentSteeper learning curve

Best for

  • Complex log search requirements
  • Security analytics (SIEM)
  • Existing Elasticsearch installations

Documentation

View the full documentation. Learning path coming soon!

Elasticsearch data source

Script

Elasticsearch has been the industry standard for log search for over a decade, and for good reason. It indexes everything, every word in every log line. This enables powerful full-text search across your entire log corpus.

Need to find every log containing a specific error message? Elasticsearch finds it instantly.

The query capabilities are incredibly rich: fuzzy matching, phrase searches, aggregations, complex boolean logic. For security teams doing SIEM work, Elasticsearch is often the default choice because that investigative search capability is essential.

The trade-offs? Complexity and cost. Elasticsearch is harder to operate than Loki and uses more resources.

But if you need sophisticated search capabilities, or you’re already running Elasticsearch for other purposes, it’s an excellent choice.

/
Previous Next