[gmuslera]

Grafana´s Loki may have a lighter weight than the other examples you gave above.

For some kinds of logs there are tools for summarization and reports (like awstats for web or pflogsumm for mail servers).

And, of course, for particular queries on existing logs the standard text tools in a linux box let you generate a lot of info.

[thojest]

Grafana Loki was the one I really tried out. To be honest, I had the impression that this is still a bit alpha. You can work around a few shortcomings by reading from loki as a prometheus endpoint, but I experienced a few things in the data which were strange, and I could not observe when double checking the logs.

While it is true that the server footprint of promtail for collecting and pushig logs is much smaller, you still have to setup your loki sever for data aggregation. I spent nearly a week on the setup of promtail, loki and grafana and wasn't quite satisfied with stability and the end result. Of course this could be due to my limited experience considering log query language, time series db, prometheus, ... But overall I had the impression that what they aim for is quite similar to an optimized ELK stack.