What does HackerNews think of loki?

One project worth keeping an eye on is Loki (https://github.com/grafana/loki), which eschews full text search for more basic indexing off of "labels", ie it works a lot like prometheus.

There's a writeup on the differences with the EFK stack here: https://github.com/grafana/loki/blob/master/docs/overview/co...

After working with a client for multiple years continually hitting bottlenecks and complexity with the EFK stack, I'm really looking forward to something different.

We love JSON logs and previously just sent most of it to systemd's journald and use a custom tool to view them. But maybe a year ago Grafana released https://github.com/grafana/loki and we've been using it on https://oya.to/ ever since.

IIRC, the recommended way to integrate it with Grafana is via promtail but we weren't too keen on the added complexity of yet-another service in the middle so we developed a custom client library in Go to just send the logs straight to Loki (which we should probably open source at some point).

I don't think there's any fancy graph integration yet, but the Grafana explore tab with log level/severity and label filtering works well enough esp. since they introduced support for pretty printed JSON log payloads.

Not sure sonic is a replacement for Elasticsearch in terms of ELK as "Sonic is an identifier index, rather than a document index; when queried, it returns IDs that can then be used to refer to the matched documents in an external database", i.e. you will have to either find a way to resolve your ids back to the original documents (which may be difficult in case you have logs rotation, retention etc.) or in addition to Sonic store the docs somewhere else.

There's also Loki - https://github.com/grafana/loki which integrates with Grafana natively which may be the Kibana replacement you're looking for.

https://github.com/grafana/loki is very promising in this space. Dead-easy to run.