Log aggregation — practice сбора logs из multiple services в central searchable store. Причина: grep по 50 servers — не scale. Stack options: ELK (Elasticsearch + Logstash + Kibana) — powerful но expensive, Loki (Grafana, cheaper), Splunk (enterprise $$$), CloudWatch/DataDog Logs (SaaS). Critical features: search, alerts, retention, correlation с traces.
Ниже: подробности, пример, смежные термины, FAQ.
Бесплатный онлайн-инструмент — проверка HTTP-заголовков: результат мгновенно, без регистрации.
# Fluent Bit config
[INPUT]
Name tail
Path /var/log/nginx/access.log
[OUTPUT]
Name loki
Host grafana-loki:3100
Labels host=$HOSTNAME,service=nginxLog aggregation works by collecting logs from various services and storing them in a central location. This is typically done using log collectors or agents that run on each service and forward the logs to a central server or service. The central server then stores the logs in a searchable format, making it easy to query and analyze them.
There are several technologies used for log aggregation, including:
Once the logs are collected, they can be searched, analyzed, and visualized using various tools and dashboards. This allows for quick identification of issues and trends in the system.
Log aggregation offers several benefits for monitoring and managing systems:
Overall, log aggregation helps organizations maintain the reliability and performance of their systems by providing a centralized and efficient way to manage logs.
While log aggregation offers many benefits, it also presents several challenges:
Solutions to these challenges include:
By addressing these challenges, organizations can effectively leverage log aggregation to improve their monitoring and management practices.
ELK: full-text indexed, fast search, expensive at scale. Loki: Prometheus-like labels + grep при query time, 10× cheaper. Для high-volume — Loki. Для complex search — ELK.
Sampling (drop 90% INFO logs), log level discipline (INFO/WARN/ERROR не DEBUG в prod), TTL (< 30 days hot).
Ingestion в nearest region + async replication. Или separate stores + federated search (Loki federation, CloudWatch cross-account).
Бесплатный тариф — 10 мониторов, проверки каждые 5 мин, без карты. Платные тарифы — интервал от 1 минуты и проверки из нескольких регионов.