Loki is a log aggregation system from Grafana Labs, designed to be “Prometheus for logs.” Instead of full-text indexing every log line, Loki indexes only a small set of labels — namespace, pod, container, job — and stores the raw log streams as compressed chunks in object storage. Queries then scan matching chunks directly, trading query speed for dramatically lower storage cost and operational overhead.
The system can run as a single binary or as microservices — distributor, ingester, querier, query-frontend, compactor, and ruler — and all state lives in S3, GCS, Azure Blob, or a filesystem, with a small index kept in BoltDB-shipper, TSDB, or an external KV store. Logs are pushed in by Promtail (Loki’s own agent), Fluent Bit, Vector, the Grafana Alloy agent, or the OpenTelemetry Collector. Queries are written in LogQL, a pipeline language modelled on PromQL that supports label matchers, regex line filters, parsers for JSON and logfmt, and metric-style aggregations over log streams.
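The query stages described above, combined in one detection-style query. This is an added example, not taken from the Loki documentation or from this page's source; the `namespace` and `container` label values, the JSON field names `event` and `src_ip`, and the threshold of 20 are constructed assumptions about a hypothetical auth service that logs one JSON object per line.

```logql
# Count failed-login events per source IP over 5-minute windows and
# return only the IPs that exceed the threshold.
sum by (src_ip) (
  count_over_time(
    # 1. Label matchers: resolved against the index, so only the
    #    chunks of these streams are fetched from object storage.
    {namespace="prod", container="auth-api"}
      # 2. Regex line filter: runs over raw chunk content and discards
      #    most lines before the more expensive parser stage.
      |~ "login_failed|account_locked"
      # 3. Parser: extracts JSON keys as labels at query time.
      #    These labels are not stored in the index.
      | json
      # 4. Label filters on the extracted fields. The exact match on
      #    event removes lines where the regex hit some other field.
      | event =~ "login_failed|account_locked"
      | src_ip != ""
    [5m]
  )
) > 20
```

Because `src_ip` is extracted at query time rather than stored as a stream label, its high cardinality does not inflate the index; the trade-off is that every matching chunk is scanned on each evaluation, so a narrow label selector and time range matter when this runs as a ruler alert.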
Loki integrates tightly with Grafana dashboards and Alertmanager, and competes with Elasticsearch + Kibana, OpenSearch, and Splunk — winning on cost at the expense of arbitrary full-text search.