Beyond Elk: Lightweight and Scalable Cloud-Native Log Monitoring

How does Greptime handle dynamic schemas where you don&#x27;t know most of the shape of the data upfront?<p>Where I work, we have maybe a hundred different sources of structured logs: Our own applications, Kubernetes, databases, CI&#x2F;CD software, lots of system processes. There&#x27;s no common schema other than the basics (timestamp, message, source, Kubernetes metadata). Apps produce all sorts JSON fields, and we have thousands and thousands of fields across all these apps.<p>It&#x27;d be okay to define a small core subset, but we&#x27;d need a sensible &quot;catch all&quot; rule for the rest. All fields need to be searchable, but it&#x27;s of course OK if performance is a little worse for non-core fields, as long as you can go into the schema and explicitly add it in order to speed things up.<p>Also, how does Greptime scale with that many fields? Does it do fine with thousands of columns?<p>I imagine it would be a good idea to have one table per source. Is it easy&#x2F;performant to search multiple tables (union ordered by time) in a single query?

Am I the only one that got, &quot;This article smells like it was written by an AI told to &#x27;compare these two products&#x27;&quot;?<p>Something around the sentence structure just is offputting.

Any reason to use this like in Azure over their cloud native options such as with AKS that has fluentd built into the ama-pod? It already sends logs to Azure Monitor&#x2F;LogA. Azure Managed Grafana can take in Kusto queries. AMA can monitor VMs. Further you can use DCE&#x2F;DCRs for custom logs. Azure provides Azure native ElasticSearch too. It seems to own this market.<p>You can predictably control costs and predict costs with these models.

For logs I&#x27;d be more likely to choose <a href="https:&#x2F;&#x2F;www.gravwell.io" rel="nofollow">https:&#x2F;&#x2F;www.gravwell.io</a> as it&#x27;s log agnostic and I&#x27;ve seen it crush 40Tb&#x2F;s a day, whereas it looks like greptime is purpose-tuned for metrics and telemetry data.

This space is so crowded, I think any new startup is very unlikely to survive, unless it solves its own business case first.

How does it compare to openobserve?

Reading the web site, I just noticed the open-source version does not have &quot;Log query endpoints&quot;.<p>Does that mean you have to use SQL (or the visual SQL builder) to query logs, and you don&#x27;t get access to a log query language the way Kibana gives you KQL and Lucene syntax?<p>If so, I think it&#x27;s a little disingenuous to write an article comparing the ELK stack, which <i>is</i> open source and comes with a perfectly usable query UI, to Greptime&#x27;s equivalent, which is not.

I&#x27;m always skeptical toward software companies with an outdated year in the footer.

What scenario would I use best?